Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kubescape can now automatically scan Kubernetes clusters against the Center for Internet Security (CIS) benchmark, identify compliance gaps, suggest remediations, and monitor for drifts. This feature was born as a direct response to requests we received from Kubescape’s community and we’re excited to launch it. In this version, Kubescape supports CIS Kubernetes V1.23. In the next releases CIS GKE, AKS, and EKS frameworks will be supported as well.

Kubernetes has taken center stage in how we now manage our containerized applications. As a result, many conventions to define our Kubernetes apps exist, including structures such as YAML, JSON, INI, and more. This leaves us to consider what is the best strategy to follow for our applications. Additionally, we must then also ask how we can validate our application configurations depending on the path we’ve chosen in terms of file structure and especially security.

The tech sector is expanding aggressively. And for businesses and services, keeping up with this growth implies only one thing: integrate new technologies and innovate at pace or be left out.

DevOps and modern engineering have enabled us to provide higher quality code at greater speeds by introducing guardrails and checks into our automated continuous integration (CI) and continuous deployment (CD) processes.

A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties. The aggregated API server extension in Kubernetes API server enables users to extend API server with alternative objects and paths.

Exactly one year ago, ARMO released Kubescape to the market with a vision to make Kubernetes security open source, simple, and available for everyone.

Kubernetes' new version - version 1.25 - will be released on Tuesday 23rd August 2022, and it comes with 40 new enhancements in various areas and numerous bug fixes. This blog will focus on the highlighted changes from each special interest group (SIG) in the upcoming release and ensure you are confident before upgrading your clusters.

New exciting Kubescape features have recently landed - Code repository scanning & Container image registry scanning! By enhancing Kubescape's security posture capabilities, you will be able to embed security even earlier in the SDLC (Software Development Lifecycle) and in a broader range of places in your CI/CD pipeline.

Despite being a large open-source and complex project, Kubernetes keeps on evolving at an impressive pace. Being at the center of various platforms and solutions, the biggest challenge for the Kubernetes project is to remain vendor-neutral. This is the reason the community has come up with Kubernetes Gateway API.

Kubernetes is the de-facto container management platform of today and the future. It has increased the scalability and flexibility of applications and eliminated vendor lock-in. Kubernetes also brings a lot of security native features; however, with security, the devil is always in the details. By default, the security of cloud services, applications, and infrastructure is not in the scope of Kubernetes. This does not mean that running Kubernetes is destructive and makes your applications vulnerable.