Kubescape: A CNCF Sandbox Platform for All Kubernetes Security

Kubescape's formal acceptance this week by the Cloud Native Computing Foundation (CNCF) as a sandbox project marks the first stage in the journey to deliver a comprehensive open source security platform for Kubernetes projects, say the project's creators from ARMO.

According to the Kubescape documentation, the open source Kubernetes security platform covers the full scope of the application lifecycle and updates for Kubernetes applications. This includes IDEs, CI/CD pipelines, and suites for risk analysis, security, compliance, and misconfiguration scanning.

The operative keywords are “platform” and “Kubernetes”. The platform part means that Kubescape is not just another security tool with very specific functionality for Kubernetes among legions of alternatives. The Kubernetes part is essential because that means the platform is only for Kubernetes.

Kubescape is used to integrate with the long checklist of necessary tools that DevOps teams want to add for use with the platform, such as software bill of materials (SBOM), signature scanning and policy controls. Its scans run at the very beginning, on the left of the production cycle, and extend through CI/CD and throughout the deployment and batch management process.

Used to find and fix misconfigurations and vulnerabilities against frameworks such as NSA-CISA, MITRE ATT&CK and the CIS Benchmark, Kubescape scans YAML files, Helm charts, and clusters upon deployment. Kubescape can also integrate with Jenkins, CircleCI, GitHub Actions, GitLab, IDEs (i.e., Visual Studio Code), Prometheus, Lens, and Docker.

“We want to be CNCF’s open source Kubernetes security platform; that’s my vision. We want to consolidate Kubernetes security into a single platform,” Shauli Rosen, CEO and co-founder of ARMO, told The New Stack. “I really think that’s something that’s been missing in this space.”

The concept of an open source security platform, donated to the CNCF and oriented exclusively to Kubernetes, is attractive. But it remains to be seen how this open source project will be adopted, Torsten Volk, an analyst at Enterprise Management Associates (EMA), told The New Stack.

ARMO now also offers the ARMO Platform as an additional security layer on top of Kubescape. It provides what the company calls a Kubernetes “ready” security platform for SaaS or on-premises deployments. It can be deployed on hosted Kubernetes platforms including Amazon Elastic Kubernetes Service (EKS), Microsoft Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Red Hat OpenShift, and more.

Gears and wheels

Kubescape is largely based on Open Policy Agent to check Kubernetes objects against a library of posture controls. According to the Kubescape documentation, the scan results are printed and can also be:

  • Exported to JSON or JUnit XML.
  • Rendered to HTML or PDF.
  • Submitted to a cloud service.
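The flow described above (Kubernetes objects checked against a library of controls, results exported as JSON or JUnit XML) can be illustrated with the following added example, which is not Kubescape's code. Kubescape evaluates its controls with Open Policy Agent; the control IDs, checks and Pod manifest here are constructed in plain Python for illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed Pod manifest (already parsed from YAML); not from a real cluster.
POD = {
    "kind": "Pod", "metadata": {"name": "web", "namespace": "default"},
    "spec": {"containers": [
        {"name": "app", "securityContext": {"privileged": True}},
        {"name": "sidecar", "securityContext": {"allowPrivilegeEscalation": False}},
    ]},
}

def ctx(obj):
    """Yield (container name, securityContext dict) for each container."""
    for c in obj.get("spec", {}).get("containers", []):
        yield c["name"], c.get("securityContext") or {}

# Hypothetical control library: id -> (title, check returning offending items).
CONTROLS = {
    "EX-1": ("Privileged container",
             lambda o: [n for n, s in ctx(o) if s.get("privileged") is True]),
    "EX-2": ("Privilege escalation not explicitly disabled",
             lambda o: [n for n, s in ctx(o)
                        if s.get("allowPrivilegeEscalation") is not False]),
    "EX-3": ("Host network access",
             lambda o: ["spec.hostNetwork"] if o.get("spec", {}).get("hostNetwork") else []),
}

def scan(obj):
    """Run every control against one object; an empty 'failed' list means pass."""
    return [{"id": cid, "title": title, "failed": check(obj)}
            for cid, (title, check) in CONTROLS.items()]

def to_junit(results, name="posture-scan"):
    """Render results as JUnit XML, one testcase per control, for CI consumption."""
    failures = sum(1 for r in results if r["failed"])
    suite = ET.Element("testsuite", name=name, tests=str(len(results)),
                       failures=str(failures))
    for r in results:
        case = ET.SubElement(suite, "testcase", classname=r["id"], name=r["title"])
        if r["failed"]:
            ET.SubElement(case, "failure", message="failed: " + ", ".join(r["failed"]))
    return ET.tostring(suite, encoding="unicode")

if __name__ == "__main__":
    results = scan(POD)
    print(json.dumps(results, indent=2))  # JSON export
    print(to_junit(results))              # JUnit XML export
```

A CI job that already understands JUnit reports can fail the build on the `failures` count without knowing anything about the scanner that produced it.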

Meanwhile, the company plans to open source a number of special features and the Kubescape backend code over the coming quarters, Rosen told The New Stack. Features it plans to open source include extending the process of continually monitoring runtime components and “making sure they don’t change,” in the event of a memory attack, for example, he said.

Meanwhile, in order to win over developers, security and operations team members, Kubescape must be able to demonstrate that it can seamlessly fit into their existing way of working and enable all Kubernetes-related personas to benefit from security guardrails and best practices gleaned from the Kubernetes community, Volk said. “This could finally give companies a chance in the eternal race against the bad guys,” Volk said.

There are two categories of clients that Kubescape users typically fall into. These include large organizations that have made the transition to cloud native but continue to maintain investments in other types of infrastructure outside of Kubernetes. The other end of the spectrum, Rosen said, consists of recently created organizations that maintain “highly customized Kubernetes environments.”

“The entire Kubernetes organization, which is mainly small to medium-sized companies, is our sweet spot to be honest right now,” Rosen said.
