Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Containers

What Docker runtime deprecation means for your Kubernetes

On December 8, 2020, Kubernetes released version 1.20—the third and final release of the popular container orchestration platform in 2020. Kubernetes noted in a blog post that the version contained 42 enhancements. Of those enhancements, 16 entered into alpha, while the remainder moved to beta or graduated to stable at 15 and 11, respectively.

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.

Our $188M funding round fuels our mission to help customers confidently run modern cloud applications

Today, I am excited to share that we secured $188M in a new funding round, at a valuation of $1.19B (read more here). At the outset, I want to thank our employees, partners, investors and most importantly, our customers for this important milestone. The funding follows a year of unmatched innovation that led to accelerated revenue growth, installed base growth, and rapid community adoption of our open source projects.

Why We Need to Rethink Authorization for Cloud Native

Companies have moved to cloud native software development so that they can increase development speed, improve product personalization, and differentiate their buyer experiences in order to innovate and win more customers. In doing so, enterprises have also redefined how they build and run software at a fundamental level.

Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

The K8s network (security) effect

Around 20 years ago I had the privilege of joining a young company that invented the Firewall – Check Point. I learned most of my networking knowledge and skills at Check Point and, at that time, I was involved in the high end, rapidly evolving internet. This might be the reason why I truly believe that network security must be a layer in the overall security strategy. A few years ago, I came back to Check Point as a cloud security product manager.

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines are affected as well, including Kubernetes and OpenShift.

5 OPA Deployment Performance Models for Microservices

If you’re responsible for a microservices app, you may be familiar with the idea of a “latency budget.” This is the maximum latency, measured as total request time, that you need for the app to work, in order to meet your SLAs and keep stakeholders happy. For a stock trading or financial services app, this budget might be the barest of microseconds.

New Styra DAS Compliance Packs Foster Collaboration Across Teams

Bridging the gap between Security, Compliance and DevOps teams can be a challenging cultural shift to address. DevOps teams are eager to get software out faster and more efficiently, yet security best practices, like policy-as-code, need to be integrated from the outset to streamline the development process in this new cloud-native world.

Snyk @ Snyk: Enabling Kubernetes RBAC for Snyk's Developers

As Uncle Ben once said, “With great power comes great responsibility.” This is also true of the Kubernetes API. It is very powerful, and you can build amazing things on top of it, but it comes with a price—a malicious user can also use the API to do bad things. Enter Kubernetes RBAC (role based access control), which enables you to use the API in a controlled manner by granting only required privileges needed, following least privilege principle.