Helpful Tools for Container & K8s Security
is a tool that performs static code analysis of your Kubernetes object definitions (i.e., your YAML files). You can install it from .
Now you can verify, e.g., a Deployment definition like this:
is an open source static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, Kubernetes, Dockerfile and more.
is an open source solution for static code analysis of Infrastructure as Code. KICS finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in Infrastructure as Code solutions like Terraform, Kubernetes, Docker, Ansible or Helm.
Starting with version 2.3.6.0, or version 20.10.6 on Linux, Docker has built-in using functionality provided by Snyk.
Trivy is very easy to use locally and inside your CI/CD system.
With that installed you can just Popeye a cluster using your current kubeconfig environment by typing:
After installing, you can, for example, check who can create pods:
With RBAC lookup you can, for example, query the role bindings of the default service account:
As part of the demos we will also scan our container images for OS and Application vulnerabilities using an open source tool named .
For installation instructions just browse to the website.
is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. For image scanning you may integrate with one of the like , or .
or a commercial tool like .
As part of the demos we will also check our Kubernetes cluster for security issues like containers running with root rights using an open source tool named .
For installation instructions just browse to the website.
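The static checks described above (analysing Kubernetes object definitions, and flagging containers that run with root rights) can be illustrated with a small added example; this is not code from any of the tools on this page. It assumes a constructed Deployment manifest in JSON form and reports root-related securityContext weaknesses per container.

```python
import json

# Constructed sample Deployment (JSON form, which Kubernetes accepts alongside YAML).
# "web" has no securityContext at all; "sidecar" is hardened.
SAMPLE_DEPLOYMENT = json.loads("""
{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "demo"},
  "spec": {"template": {"spec": {
    "containers": [
      {"name": "web", "image": "example/web:1.0"},
      {"name": "sidecar", "image": "example/sidecar:1.0",
       "securityContext": {"runAsNonRoot": true, "runAsUser": 1000,
                           "allowPrivilegeEscalation": false}}
    ]}}}
}
""")


def pod_spec_of(manifest):
    """Return the PodSpec for a bare Pod or for a workload that embeds a pod template."""
    spec = manifest.get("spec", {})
    return spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})


def check_root_risks(manifest):
    """Return (container, finding) pairs for root-related misconfigurations.

    A static check cannot see the image's USER directive, so a container that sets
    neither runAsNonRoot: true nor a non-zero runAsUser is reported as
    'may run as root' rather than 'runs as root'.
    """
    pod_spec = pod_spec_of(manifest)
    pod_sc = pod_spec.get("securityContext", {})  # pod-level defaults, overridable per container
    findings = []
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext", {})
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0:
            findings.append((name, "runAsUser is 0: container runs as root"))
        elif non_root is not True and uid is None:
            findings.append((name, "may run as root: set runAsNonRoot: true or a non-zero runAsUser"))
        if sc.get("privileged") is True:
            findings.append((name, "privileged container: full access to the host"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation not set to false"))
    return findings


if __name__ == "__main__":
    for container, finding in check_root_risks(SAMPLE_DEPLOYMENT):
        print(f"[{container}] {finding}")
```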
Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations. Just head to the to install it.
is not easy. A recommended helpful tool for auditing RBAC configuration is . Just follow the instructions on the to install this.
is a CLI that allows you to easily find Kubernetes roles and cluster roles bound to any user, service account, or group name.