Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ARMO's Kubescape is an open, transparent, single pane of glass for Kubernetes security, used by tens of thousands Tel Aviv - April 27, 2022 - ARMO, creators of the fast-growing Kubernetes open-source security project Kubescape, today announced $30M in funding for the first end-to-end open source Kubernetes security platform.

The first Kubernetes release of 2022 will be released on May 3rd. The new release, version 1.24, is full of enhancements, new features, and bug fixes. We’ve written this post so you can adjust your Kubernetes resources, update infrastructure, and smoothly migrate to the new version. We’ve also grouped the changes with their respective Special Interest Groups (SIGs), so that you can focus on the interrelated topics at once.

Security is crucial ‌for containerized applications that run on a shared infrastructure. With more and more organizations moving their container workloads to Kubernetes, K8s has become the go-to platform for container orchestration. And with this trend comes a growing number of ‌threats and new ways of attack that necessitate strengthening all layers of security. In Kubernetes, there are two aspects to security: cluster security and application security.

The ARMO Kubescape team has been busy lately… we have several new and improved features for you that we are very excited about. Based on the feedback and ideas we got from the amazing community, we worked hard to enhance Kubescape with better and deeper scanning capabilities, UI improvements, and a more friendly CLI version. We invite everyone to shape the Kubescape roadmap by giving us feedback and suggestions using git, discord, or mail.

Recently discovered vulnerability - CVE-2022-23648 - in containerd, a popular container runtime, allows especially containers to gain read-only access to files from the host machine. While general container isolation is expected to prevent such access, in Kubernetes, it is especially dangerous because well-known and highly sensitive files are stored in known locations on the host.

Kubernetes Ingress is one of today’s most important Kubernetes resources. First introduced in 2015, it achieved GA status in 2020. Its goal is to simplify and secure the routing mechanism of incoming traffic to your defined services. Ingress allows you to expose HTTP and HTTPS from outside the cluster to your services within the cluster by leveraging traffic routing rules you define while creating the Ingress.

In March 2022, NSA & CISA has issued a new version of the Kubernetes Hardening Guide – version 1.1. It updates the previous version that was released in August 2021. Kubernetes evolves fast, and Kubernetes adoption grows even quicker. Kubernetes has become a very popular target and therefore requires continuous enhancement of the protection measures.

On March 4th, a new privilege escalation vulnerability (CVE-2022-0492) in the Linux kernel was published. It has the potential to allow container escape and take control over the entire node on which the container runs. All the CSPs and Linux distribution providers have issued patches to close this vulnerability. Unfortunately, there is no unified kernel version numbering across these platforms and some of them allow to apply a patch without changing the kernel version number.

If you’re reading this article, you’re probably either running a Kubernetes cluster or planning to run one. Whatever the case may be, you will most likely need to have a look at data—how to store it and how to secure it. There are different types of stored data in Kubernetes: In this article, we will review how to deal with each of these data types in a Kubernetes cluster.

Though Kubernetes has grown in popularity, it still has a steep learning curve that can make it hard to adopt the technology. Those who can’t get past this initial hurdle are often left behind in the fast-paced field of software development. This article will introduce YAML files for Kubernetes object configuration. YAML provides a way to declaratively configure your Kubernetes applications, and these declarative files allow you to effectively scale and manage your applications.