CVE Scanning with trivy
Automatically scrapes and scans all running container images for Common Vulnerabilities and Exposures (CVEs) using trivy. Apps can be blocked if they have severe vulnerabilities, with a clean exceptions management interface for your security team.
CIS Benchmarking with kube-bench
Assess whether you are following best practices defined by the Center for Internet Security (CIS) using kubebench. Scans can be easily scheduled to run regularly, such as daily or weekly, and reviewed in our clean user interace.
Compliance with Gatekeeper
m9sweeper provides a library of constraint templates with a simple interface for configuring compliance rules for OPA Gatekeeper. Exceptions can be requested and reviewed by your security team.
Pen Testing with kube-hunter
Assess whether you are secure by running a regular, scheduled non-invasive penetration test using kube-hunter. Results can be reviewed in your easy user interace.
Secure Deployments with kubesec
Ensure deployments are properly secured by reviewing your application deployments with kubesec. Ratings and summary reports are available in a simple graphical user interace.
Intrusion Detection with Falco
Monitor applications for suspicious activity and/or intrusions by hackers (such as reverse shells) using Project Falco. Detect anomalies by receiving alerts whenever a new kind of suspicious behavior is detected.
Report on Security
Our software will automatically scrape what images you have running in Kubernetes and scan and build out reports detailing all security vulnerabilities that exist in the packages and libraries your code uses. And best of all, we use Kubernetes’ native APIs, so it is very low risk and installs in minutes.
Make Compliance Possible
While tools like Gatekeeper and Open Policy Agent are immensely valuable for describing compliance in Kubernetes, they are also extremely difficult to use. Minesweeper’s library of pre-made policies and simple graphical user interface (and exceptions management interface) makes being compliant easy and manageable for most DevOps teams.
Securing your Kubernetes Cluster Doesn’t Have to Be Hard.
We make it easy with a 5-minute install, automating scanning/scraping of what you already have running, and a simple reporting and exceptions management interface.
"I founded m9sweeper because I wanted to make sure nobody would ever need to write rego code ever again. "
– Jason Woodman – Co Founder