When the Mirantis team announced the Lens Extensions API back in November 2020, we were excited to experiment with it and build an extension for Starboard, our open source Kubernetes-native security toolkit. True to DevSecOps principles, the integration makes security reports accessible within the Lens IDE, giving you immediate and actionable information about potential security risks in your K8s deployments. Now you can easily view the vulnerability information in your Kubernetes dashboard alongside the workload it is associated with.
Lens is a widely used Kubernetes IDE that simplifies working with Kubernetes and helps manage clusters on a daily basis. Aiming to show information beyond the core Kubernetes constructs, the Lens Extensions API makes it possible to add new tabs and screens to Lens, and to work with custom resources. Using it, anyone can code lightweight integrations to enhance and customize Lens for their own tools and workflows.
Our open source project Starboard creates security reports from a variety of tools and vendors and makes them available as custom resources. By extending Lens to display these resources, the integration makes security information easily accessible and actionable for Kubernetes users. Developers who install the extension can view the details of security risks exactly where they belong, alongside the Kubernetes built-in resources to which they apply.
How does this work? For each underlying deployment, Starboard creates a custom resource called a vulnerability report, which is populated by Trivy, Aqua’s open source vulnerability scanner. The vulnerability report can be viewed in Lens as a raw YAML file, but with the extension, we provide an easier-to-use and more contextual picture of each report.
Now, when the Starboard Operator generates a report, Lens will display a summary of vulnerabilities, with more details available. You can link the report to a specific workload, look up the CVEs in our AVD (Aqua Vulnerability Database), or check if there is a fix available. Issues can be fixed by upgrading your container images or vulnerable dependencies.
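The summary step described above, as an added example (not code from the Starboard extension or from Lens): it reduces one vulnerability report to per-severity counts, the owning workload, and the findings that have a fix available. The field and label names are assumed from Starboard's v1alpha1 VulnerabilityReport resource, and the sample report, including its placeholder CVE IDs, is constructed.

```javascript
// Added example. Field and label names are assumptions based on the Starboard
// v1alpha1 VulnerabilityReport layout; check them against the CRD in your cluster.
const SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"];

// Constructed sample report: names, versions and CVE IDs are placeholders.
const sampleReport = {
  apiVersion: "aquasecurity.github.io/v1alpha1",
  kind: "VulnerabilityReport",
  metadata: {
    namespace: "shop",
    labels: {
      "starboard.resource.kind": "Deployment",
      "starboard.resource.name": "checkout",
      "starboard.container.name": "api",
    },
  },
  report: { scanner: { name: "Trivy" }, vulnerabilities: [
    { vulnerabilityID: "CVE-0000-0001", resource: "libexample", severity: "CRITICAL", installedVersion: "1.0.0", fixedVersion: "1.0.1" },
    { vulnerabilityID: "CVE-0000-0002", resource: "libexample", severity: "HIGH", installedVersion: "1.0.0", fixedVersion: "" },
    { vulnerabilityID: "CVE-0000-0003", resource: "toolkit", severity: "high", installedVersion: "2.3", fixedVersion: "2.4" },
    { vulnerabilityID: "CVE-0000-0004", resource: "toolkit", severity: "WEIRD", installedVersion: "2.3" },
  ] },
};

function summarizeReport(cr) {
  const meta = cr.metadata || {};
  const labels = meta.labels || {};
  const vulns = (cr.report && cr.report.vulnerabilities) || [];
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  const fixable = [];
  for (const v of vulns) {
    // Normalize case; a severity outside the known set is counted as UNKNOWN, not dropped.
    const upper = String(v.severity).toUpperCase();
    const sev = SEVERITIES.includes(upper) ? upper : "UNKNOWN";
    counts[sev] += 1;
    // A non-empty fixedVersion means upgrading that package clears the finding.
    if (v.fixedVersion) {
      fixable.push({ id: v.vulnerabilityID, severity: sev,
        upgrade: `${v.resource} ${v.installedVersion} -> ${v.fixedVersion}` });
    }
  }
  // Most severe first, so the upgrades that matter most lead the list.
  fixable.sort((a, b) => SEVERITIES.indexOf(a.severity) - SEVERITIES.indexOf(b.severity));
  const workload = `${labels["starboard.resource.kind"]}/${meta.namespace}/${labels["starboard.resource.name"]}`;
  return { workload, container: labels["starboard.container.name"], counts, fixable };
}

console.log(JSON.stringify(summarizeReport(sampleReport), null, 2));
```

The same function can be fed the items returned by `kubectl get vulnerabilityreports -o json`, one call per item.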
On top of vulnerability reports in Lens, you can also access configuration audit scans that were created by the Starboard Operator, which automatically checks for weaknesses in the configuration of Kubernetes workloads.
Our goal is to provide an end-to-end developer experience for finding and fixing security issues in Kubernetes. As the next step in our roadmap, we'd like the Lens extension to perform basic remediation actions. This means automatically applying changes to K8s workloads and tracking the progress of updates in real time.
Also, we plan to integrate kube-bench with the Starboard Operator to automatically run CIS Kubernetes benchmarks on nodes that are added to a Kubernetes cluster.
As always, we can’t wait for you to try it out and share your feedback – give the Lens extension a spin and let us know what you think!