Cyber Security & Threats

Vulnerability Scanning in Kubernetes Cluster — Kube-Scan

Aziz Zoaib
2 min read · Jun 5, 2021


As the adoption of container-based applications continues to grow, with more and more enterprises migrating or creating container-native apps to run on Kubernetes clusters, it is not just about managing nodes anymore. Many organizations now run multiple applications, across different teams, on-prem or on different clouds and orchestrators, resulting in a growing need for scalable security that is easy to manage.

With such a complex, scaling environment, how do you continuously manage security?

The answer is kube-scan, which provides a simple and easy way to detect security vulnerabilities around your container images that could potentially be dangerous.

Let's have a small introduction to kube-scan from its GitHub page.

Kube-Scan gives a risk score, from 0 (no risk) to 10 (high risk) for each workload. The risk is based on the runtime configuration of each workload (currently 20+ settings). The exact rules and scoring formula are part of the open-source framework KCCSS, the Kubernetes Common Configuration Scoring System.

It can be deployed easily within minutes using Helm or manifests on any Kubernetes cluster, whether in the cloud or on-prem.
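To make the "risk based on runtime configuration" idea concrete, here is an added illustration (not kube-scan's or KCCSS's own code) that inspects a Pod spec for settings of the kind KCCSS evaluates and scales the result to the same 0 (no risk) to 10 (high risk) range. The weights, the 15-point cap and the dangerous-capability list are assumptions made for this example, not the real KCCSS formula; the two sample specs are constructed.

```python
# Added illustration (not kube-scan's code): scoring a Pod spec on runtime
# settings of the kind KCCSS evaluates. The weights, the 15-point cap and the
# 0-10 scaling are ASSUMPTIONS made here for illustration, not the KCCSS formula.
from typing import Dict, List, Tuple

DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "ALL"}  # illustrative subset, an assumption


def container_findings(c: Dict, pod: Dict) -> List[Tuple[str, int]]:
    # Return (finding, weight) pairs for one container spec.
    sc = c.get("securityContext") or {}
    pod_sc = pod.get("securityContext") or {}
    out = []
    if sc.get("privileged"):
        out.append(("privileged container", 4))
    if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
        out.append(("allowPrivilegeEscalation not disabled", 1))
    uid = sc.get("runAsUser", pod_sc.get("runAsUser"))  # container overrides pod
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    if uid == 0 or (uid is None and not non_root):
        out.append(("may run as root", 2))
    caps = {x.upper() for x in (sc.get("capabilities") or {}).get("add", [])}
    if caps & DANGEROUS_CAPS:
        out.append(("dangerous capabilities added", 2))
    if not sc.get("readOnlyRootFilesystem"):
        out.append(("writable root filesystem", 1))
    limits = (c.get("resources") or {}).get("limits") or {}
    if not {"cpu", "memory"} <= set(limits):
        out.append(("no CPU/memory limits", 1))
    return out


def pod_findings(pod: Dict) -> List[Tuple[str, int]]:
    # Pod-level host namespace settings first, then every container.
    out = [(f"{k} enabled", w) for k, w in (("hostNetwork", 2), ("hostPID", 2), ("hostIPC", 1)) if pod.get(k)]
    for c in pod.get("containers", []):
        out += [(f"{c['name']}: {f}", w) for f, w in container_findings(c, pod)]
    return out


def risk_score(pod: Dict, cap: int = 15) -> float:
    # Sum finding weights and scale to 0 (no risk) .. 10 (high risk), capped at 10.
    return round(min(10.0, 10.0 * sum(w for _, w in pod_findings(pod)) / cap), 1)


# Constructed sample specs (the `spec:` section of a Pod manifest), not real workloads.
RISKY_POD = {"hostNetwork": True, "containers": [{"name": "app",
    "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}}}]}
HARDENED_POD = {"containers": [{"name": "app",
    "securityContext": {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
                        "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}},
    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}
```

Running `risk_score(RISKY_POD)` gives 8.7 with seven findings, while `risk_score(HARDENED_POD)` gives 0.0; the same spec fields are what you would fix in the manifest to bring a workload's score down.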

So now let's have a look at how you can install it and get it up and running with just one simple command; the link to the Helm chart is here.

helm upgrade kube-scan . -n default --install -f values.yaml

Once it is deployed, use the port-forwarding command below to access the UI.

kubectl port-forward svc/kube-scan-ui 8080:80

Finally, from a browser, access it via http://localhost:8080

kube-scan is now fully up and running on the Kubernetes cluster, so you can easily identify security vulnerabilities across your cluster and mitigate them based on the risk score.

Screenshots (images not reproduced here)

Scans all images on the k8s cluster
Risk score of a particular image
Fine-grained details of a vulnerability in an image


Aziz Zoaib

DevOps, AWS, GCP, Terraform, Kubernetes, CI/CD