Image Scanning
Your Kubernetes cluster is only as secure as the software that is running on it. If you are running out-of-date operating system packages, using old code libraries, or running software with too many privileges, then you are open to attack.
Luckily, scanning the software you are running with Kubernetes is easy because of a technology called containers. Containers are how software is packaged up and deployed to Kubernetes. Containers include all of your code’s operating system dependencies as well as the code/libraries that are run when starting your application.
m9sweeper can be set up to automatically scan every container that is currently deployed in your Kubernetes environment and report on any detected vulnerabilities. m9sweeper can automatically re-scan images every day, or it can just scan them once. It can also be triggered to run every time you commit new code to your project, such as in a build/deployment pipeline.
m9sweeper can protect against running non-secure code by blocking it from being deployed. However, this may not be desirable in all cases: sometimes you may want it to just alert you or provide a temporary exception when an issue is discovered, instead of taking a critical application offline. You can also configure how sensitive you want the scanner to be. Suppose, for example, you want to allow minor vulnerabilities, or allow vulnerabilities for which there is not currently a fix available. m9sweeper lets you configure all of these rules. You can even create exceptions for packages you do not control, such as Prometheus monitoring or the Kubernetes API server (we even set these exceptions up by default).
Easy Installation
M9sweeper is, by far, the easiest-to-install, lightest-touch Kubernetes compliance and security platform. It can be installed in a matter of minutes and uses as much disk space and memory as many mobile phone apps.
Exception Management
Compliance and security policies are usually designed as an ideal-state goal, but in the real world, things do not always go as planned. Vulnerabilities can be discovered any day, and sometimes businesses have code freezes or vendor software deployed that cannot be secured properly for weeks or months.
Policy Management
Managing policies is not something that m9sweeper invented. A tool called Gatekeeper has become incredibly popular for managing policies. Gatekeeper is built on top of Open Policy Agent, a standard for describing policies with code.
"It should take thousands of iterations of pushing code and praying while long build pipelines run, inspiring rage and artificial senses of accomplishment when it finally works"
– Jason Woodman – Co Founder