ARMO launched an expanded model Kubescape, an open-source testing device for Kubernetes environments that’s compliant with the requirements set forth within the Kubernetes Hardening Steerage launched by the NSA and CISA.
Kubescape is likely one of the fastest-growing Kubernetes safety instruments amongst builders resulting from its simple to make use of CLI interface and versatile output codecs. Simply weeks after launching, Kubescape has develop into an immensely common device within the Kubernetes group, with greater than 4000 stars and tens of 1000’s of downloads on Github, and 1000’s of lively builders embracing the answer.
Kubescape scans K8s clusters, YAML information, and HELM charts, offering hyper correct outcomes and enabling the detection of misconfigurations and software program vulnerabilities at early levels of the CI/CD pipeline. It additionally integrates natively with different DevOps instruments, together with Jenkins, CircleCI and Github workflows.
The expanded model of Kubescape has been up to date with new Kubernetes configuration scanning, based mostly on the MITRE ATT&CK framework. Kubescape is now the first-ever open- supply Kubernetes product to leverage the MITRE framework for testing and marks the primary time that groups can take a look at Kubernetes towards a number of frameworks in a single single device.
The brand new registration-based SaaS Kubescape answer, which is free to make use of, affords extra advantages together with:
- Consumer-friendly UI for streamlined scans and take a look at administration, offering groups the power to decide on which framework to make use of in response to their group’s construction and particular vulnerabilities.
- An immediately calculated threat rating based mostly on the present scan, giving stakeholders the power to make fast, good selections based mostly on their group’s real-time standing.
- Quick access to a historical past of previous scans for fast overview of whole threat scores traits from one scan to the subsequent. Stakeholders can monitor their group’s progress with hyper-accuracy, decide whether or not their threat has modified for higher or worse over time, and handle configuration drifts.
- Exceptions administration, permitting Kubernetes admins to mark acceptable threat ranges inside particular sources and choose which exams to carry out so as to keep away from alert fatigue. Customers not must cope with a number of alerts on failed exams which inner stakeholders have decided to be of low precedence to the group.
- Construct and create personalized compliance frameworks, empowering stakeholders with the power to check in response to their group’s distinctive necessities. Customers can take a look at group’s Kubernetes environments utilizing their customized framework, making certain that each one workloads deployed inside a company’s networks are compliant with the identical normal.
“Builders have a look at safety as a design and architectural downside that must be managed from the earliest levels of the event pipeline. Kubescape’s seamless integration with Kubernetes’ tech stack and sensible, easy output make it a high-value, go-to answer that’s extraordinarily interesting to builders,” mentioned Shauli Rozen, CEO, ARMO. “We’re thrilled to see that Kubescape is resonating with builders everywhere in the globe, and our imaginative and prescient is to construct on that momentum to proceed solidifying Kubescape because the device of selection for Kubernetes customers, as an integral a part of their every day routines and organization-wide safety methods.”
“Kubescape detects extremely harmful safety weaknesses earlier than they attain manufacturing, and our up to date model supplies a good deeper degree of visibility and safety for Kubernetes customers,” mentioned Leonid Sandler, CTO, ARMO. “With the brand new expanded model of Kubescape, they’ll repeatedly study their safety controls and deployments to make sure the very best degree of safety doable for his or her corporations, leveraging the trade’s first open supply device that gives Kubernetes testing towards a number of frameworks.”