Kubernetes is a disruptive technology that has changed the way people think about development and deployment. Watching K8s grow from fledgling technology to enterprise backbone has been a thrilling experience. As technologies become more established support systems, standards and principles evolve and are defined around them. Kubernetes Security Posture Management (KSPM) is one of the places where Runecast is leading and defining the landscape.
Security needs to be a holistic practice, something that is considered from the very beginning of the projects to the ongoing maintenance once a project is live. In this way, security in the Kubernetes space is similar to other security considerations. However, there are a number of unique considerations that need to be taken into account when dealing with containers, clusters and nodes.
Simply put, KSPM is the practice of putting your K8s infrastructure in the best possible position to be and remain secure. This, of course, starts with knowing what you have.
See more info in this video:
See under the surface
Runecast scans your infrastructure and reports back any vulnerabilities, issues or errors in configurations. In version 6.2 Runecast’s scanning now extends down from the cluster to the nodes, by providing vulnerability scanning for deployed Kubernetes container images. This means that Runecast users now have the ability to automate vulnerability management. Your images can now be scanned to ensure they meet any best practices, security or compliance requirements.
Runecast Kubernetes Image Scanning
Shift left with K8s Admission control support
For your Dev and DevOps teams, Runecast now integrates directly with your Kubernetes Admission Controller. We allow you to connect your container deployments from any platform that supports webhooks, directly to Runecast’s image scanning. This means you can use our built in policies to ensure no container image gets deployed that does not meet the criteria outlined in the policy. If your pull requests don’t match up, they are automatically rejected.
When a deployment is requested Runecast’s image scanning takes the Template or Manifest for the container that’s about to be deployed and sends the policy result for the image back to Kubernetes.
Runecast can also highlight if there are available patches or fixes for the image, giving you the information necessary to remediate the issues and return to your deployment.
There is little doubt that Kubernetes has changed the way people work and Runecast is similarly ready to speed up and simplify Kubernetes security.
If you want to see how Runecast can speed up deployments and automate security, contact us for a demo.