Inspiration

DevSecOps is on everyone's mind right now and although there are existing XSOAR integrations for k8s distros like Google Kubernetes Engine, there does not seem to be a generic Kubernetes integration that could talk to clusters using only the k8s API. This capability is important for runtime container security and container image policy compliance as it allows operators the ability to scan and audit their containers and clusters without requiring installing new software or pods in the cluster.

What it does

This project provides runtime container security and policy for Kubernetes clusters using the K8s REST APIs only. Unlike other container security solutions like PAN's Prisma or scanners from Aqua Security and others it does not require installing additional pods into the cluster and containers and clusters can be scanned for configuration weaknesses and security vulnerability remotely much like the CLI tool kubectl works. The integrations works with any Kubernetes distro like RedHat OpenShift or Azure Container Service via inspecting objct specifications executing shell commands inside running containers..

Cluster pods, controllers, services and routes configurations can be audited against benchmarks from STIG/CIS/NIST and running containers inside pods can be scanned for vulnerable operating system packages as well as application security vulnerabilities affecting .NET, nodejs, Python etc. applications.

Integrations

Kubernetes Vulners.com

Playbooks

  • Container auditing using benchmarks like STIG RHEL 7.
  • Container vulnerability scanning using the Vulners.com and others vulnerability scanners.

Built With

Share this project:

Updates