Portshift has announced the release of Kubei, an open-source Kubernetes runtime vulnerability scanner.
According to the company, although many scanners already exist, they are not all alike: they differ in the number of vulnerability feeds they consume, the updates they produce and the information they report.
“All tools, however, require some preliminary integrations to assess accurately the vulnerabilities risk associated with containers deployed in their Kubernetes clusters. The challenge of this common and well established security best practice is the need for preliminary scanning integrations, without which DevOps, DevSecOps, and Security teams have no visibility into the actual risk that containers deployed in their Kubernetes clusters have, or impose on their microservices, despite the fact that the actual risk frontier is in these Kubernetes clusters,” Ariel Shuper, VP of product management and business strategy for Portshift, wrote in a blog post.
The company also finds that, because of these required integrations, teams end up needing additional tools to assess vulnerabilities accurately.
Kubei aims to address these challenges with a new security paradigm and operations model.
“Kubei provides DevSecOps teams accurate risk assessment of deployed containers without the need for preliminary integrations in CI pipelines or image registries,” Shuper wrote. “Kubei provides real time risk assessment of deployed pods, including application pods and Kubernetes pods, providing full coverage even for elements which are not always scanned (for example public images, not stored on your registry, that were not created in the user CI workflow, or even the Kubernetes API server and Istio/Servicemesh control-plane).”
Kubei runs on a Kubernetes cluster, extracts the list of images used by the running pods, and scans those images. It runs scanners in parallel to distribute the scanning load and return results quickly. When scanning completes, it generates a report giving the exact location of at-risk pods, the images they were built from, and the specific components in each image that carry vulnerabilities.
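The runtime-inventory model described above, as an added example in Python that is not Kubei's own code: walk the running pods, collect the image actually running in every container (init and ephemeral containers included), de-duplicate by digest so each image is scanned once, fan the scans out over a thread pool, and key the report back to namespace/pod/container. The pod listing has the shape of `kubectl get pods -A -o json` and is constructed inline; the "scanner" is a constructed findings table keyed by digest standing in for a real scanner invocation (for example `trivy image <ref>`), and its finding ids are placeholders, not CVEs. One caveat the code handles: `status.*.imageID` is the digest the kubelet pulled, while `spec.*.image` is only the tag the manifest asked for; when no status exists yet the code falls back to the spec reference and flags the result as unresolved.

```python
"""Runtime image inventory and parallel scan for a Kubernetes cluster.

Added example, not Kubei's code. Input is a constructed pod listing in the
shape of `kubectl get pods -A -o json`; FEED is a constructed stand-in for
a real scanner's output (placeholder ids, not CVEs).
"""
from concurrent.futures import ThreadPoolExecutor
import json

# Constructed pod listing (trimmed; digests shortened). Assumed shape only.
PODS_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "web-7c9"},
     "spec": {"initContainers": [{"name": "init", "image": "busybox"}],
              "containers": [{"name": "web", "image": "nginx:1.19"}]},
     "status": {"initContainerStatuses": [{"name": "init", "imageID": "docker-pullable://busybox@sha256:b1"}],
                "containerStatuses": [{"name": "web", "imageID": "docker.io/library/nginx@sha256:a1"}]}},
    {"metadata": {"namespace": "default", "name": "web-7d0"},
     "spec": {"containers": [{"name": "web", "image": "nginx:1.19"}]},
     "status": {"containerStatuses": [{"name": "web", "imageID": "docker.io/library/nginx@sha256:a1"}]}},
    {"metadata": {"namespace": "kube-system", "name": "kube-apiserver-node1"},
     "spec": {"containers": [{"name": "kube-apiserver", "image": "k8s.gcr.io/kube-apiserver:v1.18.0"}]},
     "status": {"containerStatuses": [{"name": "kube-apiserver", "imageID": "k8s.gcr.io/kube-apiserver@sha256:c1"}]}},
    {"metadata": {"namespace": "istio-system", "name": "istiod-5f"},
     "spec": {"containers": [{"name": "discovery", "image": "docker.io/istio/pilot:1.6.0"}]},
     "status": {"containerStatuses": [{"name": "discovery", "imageID": "docker.io/istio/pilot@sha256:d1"}]}},
    # Container never started (e.g. image pull failure): no status, so no digest.
    {"metadata": {"namespace": "default", "name": "batch-x"},
     "spec": {"containers": [{"name": "job", "image": "example.com/batch:latest"}]},
     "status": {}},
]})

# Constructed findings keyed by digest; a real run would exec the scanner instead.
FEED = {
    "sha256:a1": [{"component": "libexample", "id": "CONSTRUCTED-0001", "severity": "HIGH"}],
    "sha256:c1": [{"component": "example-module", "id": "CONSTRUCTED-0002", "severity": "MEDIUM"}],
}

# Spec list -> status list, so init and ephemeral containers are not missed.
CONTAINER_KINDS = (("initContainers", "initContainerStatuses"),
                   ("containers", "containerStatuses"),
                   ("ephemeralContainers", "ephemeralContainerStatuses"))


def normalize_ref(ref):
    """Strip CRI scheme prefixes (dockershim reports docker-pullable://...) so the
    same image seen through different runtimes de-duplicates to one scan target."""
    return ref.split("://", 1)[1] if "://" in ref else ref


def digest_of(ref):
    """Return the sha256 digest part of an image reference, or None for a tag-only ref."""
    return ref.split("@", 1)[1] if "@" in ref else None


def inventory(pods_json):
    """One row per container: (namespace, pod, container, spec image, running image or None)."""
    rows = []
    for pod in json.loads(pods_json)["items"]:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        status = pod.get("status") or {}
        for spec_key, status_key in CONTAINER_KINDS:
            running = {s["name"]: normalize_ref(s["imageID"])
                       for s in status.get(status_key, []) if s.get("imageID")}
            for c in pod["spec"].get(spec_key, []):
                rows.append((ns, name, c["name"], c["image"], running.get(c["name"])))
    return rows


def scan_targets(rows):
    """De-duplicated scan set: the running digest when known, else the spec reference."""
    return sorted({running or spec for _, _, _, spec, running in rows})


def scan_image(ref, feed=FEED):
    """Stand-in for a single scanner invocation; returns the findings for one image."""
    return list(feed.get(digest_of(ref), []))


def scan_cluster(pods_json, feed=FEED, workers=4):
    """Scan every distinct image once, in parallel, then map results back to pods."""
    rows = inventory(pods_json)
    targets = scan_targets(rows)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(zip(targets, pool.map(lambda r: scan_image(r, feed), targets)))
    report = []
    for ns, pod, ctr, spec_ref, running_ref in rows:
        target = running_ref or spec_ref
        report.append({"namespace": ns, "pod": pod, "container": ctr,
                       "image": spec_ref, "scanned": target,
                       # False means the scan ran against a tag, not what is actually running.
                       "digest_resolved": running_ref is not None,
                       "findings": results[target]})
    return report


def at_risk(report):
    """Only the pod/container entries that carry findings, for the summary view."""
    return [r for r in report if r["findings"]]


if __name__ == "__main__":
    for entry in at_risk(scan_cluster(PODS_JSON)):
        print(entry["namespace"], entry["pod"], entry["container"], entry["scanned"],
              [f["id"] for f in entry["findings"]])
```

Two design points worth keeping in a real deployment: scan by the digest from `containerStatuses[].imageID` rather than the tag in the spec, because a mutable tag such as `latest` can point at a different image than the one the kubelet pulled; and treat an entry with `digest_resolved` set to False as unverified rather than clean, since the scanner never saw the bytes that will run.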