Runecast SaaS: Behind the Scenes with the Cloud Engineers

Today we bring you a unique interview with Honza & Jakub, both Cloud Engineers at Runecast. They met each other at a previous job and, besides the Cloud, they also learned that they have many common hobbies – for example, beers and games. They decided to join Runecast together since they are what their girlfriends like to call “work husbands'' – and one of their first major projects was to build the SaaS version of Runecast from scratch. In their own words, “It’s a challenge, but one that’s enjoyable.”

Behind the scenes on the Runecast SaaS development

Let's dive in with Jakub and Honza, who share a glimpse into our SaaS journey. 

How the idea of Runecast SaaS was born

Why did we decide to deliver a SaaS version of Runecast? It's simple. The main reason was to extend its capabilities to every SysAdmin, regardless of the internal regulations or policies that their organizations might have. When it comes to CNAPP solutions like Runecast, customers (and potential customers) are looking more than ever at aspects of security, compliance, efficiency, scalability, and cost-effectiveness. The natural progression is to look for platforms that can run in the cloud, so that the regular maintenance and resources consumption is minimized on the customer end.

Automations via GitOps, AgroCD and Terraform

When we started with SaaS, we were focusing on the three requirements: Security, Performance, and Cost-effectiveness. We’ve always wanted to prevent human mistakes, so we implemented a full GitOps approach – and automation as much as possible. We are utilizing ArgoCD to deploy our Applications and Atlantis for our infrastructure, which we keep as a code in Terraform. Nowadays, we deploy our instances by pushing a singular file with a unique name via the Pull Request and letting the tools do the work for us. 

ArgoCD implementation did not happen without challenges on the way. It was a new tool for us when we started building SaaS, and there was definitely a learning curve to it. 

At first we were not sure how to deliver the entire observability stack in an automated and reliable way, but after trying out different approaches we finally settled on an app-of-apps pattern. Utilizing ArgoCD CRD’s “Application” and “ApplicationSet” we can deploy the entire stack by committing a very short YAML file to git, and ArgoCD takes care of the rest.

Note: For all of that, the most important part is proper documentation. Never forget to document, document and document!

Secured with Hashicorp Vault

Our first and foremost motto is “Security first” – and our latest addition to the stack was the integration of Hashicorp Vault. The direction that we are taking is affected by the current technologies, so it’s ever-changing. We want our SaaS to fulfill your needs for your businesses, so we also take YOU – our customers – into Runecast’s vision. One such vision has taken the form of Agentless scanning implemented on AWS and other Cloud providers.

Our solution is secured, running behind VPN while making sure that we are centralizing the entire observability stack. We want to make sure that our SaaS framework is robust so we are ready for Single and Multi-tenant solutions as well.

Additionally, we built our networking in a way to support various connection methods for our future clients. We understand that Runecast has to access sensitive parts of systems to provide value, and therefore we offer VPN, PrivateLink or VPC Peering to ensure traffic stays private.

SaaS costs optimization via OpenCost

Last but not least, we understand the painstaking point of keeping costs under control. We actively monitor costs and constantly think about right-sizing and optimization. We utilize tools available from the Cloud providers themselves, but also open source tools such as OpenCost. These efforts are applied to all aspects and dimensions of the entire Runecast SaaS solution, not just the infrastructure.

Key learnings from the SaaS project

Each project is unique and for SaaS it’s about having as much as possible, if not everything, automated. The key aspects that we kept in mind should not just apply to SaaS but to any kind of development. Any features, enhancements or additions are delivered in a secure, automated and cost-effective way.

What you can find in Runecast SaaS

Currently, the offering provides agentless vulnerability scanning across AWS EC2 Linux instances, enhancing the security posture without the need for additional in-house infrastructure management. 

Additionally, Runecast SaaS supports connectivity via API to major cloud platforms like AWS, Microsoft Azure, and Google Cloud to scan for vulnerabilities, ensuring your cloud environments are always compliant and secure. For those utilizing our Kubernetes scanning feature within Runecast SaaS, enabling public access for the API – particularly when K8s is deployed on the Public Cloud – will ensure a smooth and efficient scanning process.

How to get Runecast SaaS

To request Runecast SaaS, log in to your account on the Runecast Portal and click the Try Runecast SaaS button at the top of the page.

‍

Learn more on Agentless AWS Vulnerability Scanning with Runecast SaaS and deep dive into technical details in the User Guide.