Aqua Blog

Kubernetes

Scanning KBOM for Vulnerabilities with Trivy

Early this summer we announced the release of Kubernetes Bills of Material (KBOM) as part of Trivy, our popular all-in-one open source security scanner. In the blog we discussed how KBOM is the manifest of all the important components that make up your Kubernetes cluster: Control plane components, Node Components, …

Kubernetes Exposed: One Yaml away from Disaster

If you thought that falling victim to ransomware or having a hacker hijack your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.

Introducing KBOM – Kubernetes Bill of Materials

SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua …

Kubernetes Benchmark Scans with Trivy: CIS and NSA Reports

One of Trivy’s core features is Trivy Kubernetes for in-cluster security scans of running workloads. This tutorial will showcase how to generate CIS and NSA reports both through the Trivy CLI and the Trivy Operator. Additionally, we will look at how users can add the Kubernetes Specification for their own Compliance …

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.

Trivy Now Supports NSA Kubernetes Compliance

Trivy, the all-in-one open source security scanner, can scan your Kubernetes cluster as well as its running workloads for security issues. Trivy also has a native Kubernetes Operator for complete Kubernetes security posture management. These capabilities were covered in detail in our previous blog post Vulnerability …

Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25 was released with 40 new enhancements including 13 Stable, 10 Beta, 15 Alpha, and 2 Deprecated. Join us as we present some of the notable features in this release, apply security with the Pod Security Admission (PSA), validate whether your cluster is using containerd, and give an overview of …

What's New in Kubernetes 1.8

The newly released Kubernetes 1.8 is the third release this year, and shows great progress and maturity of the Kubernetes project. I’m happy that the community continues to make progress in several security-related areas that have been under development or in beta for a while, and are now officially released.

The Year That Was (Almost) - 10 Milestones in The Container Ecosystem

2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still relatively new, present new challenges in security -- but this year has seen much progress in addressing those challenges.

Security Best Practices for Kubernetes Deployment

This is a blog post that Amir and I published on Kubernetes.io.

Kubernetes provides many controls that can greatly improve your application security. Configuring them requires intimate knowledge of Kubernetes and the deployment’s security requirements. The best practices we highlight here are aligned to the …
