End-to-end open source security platform for Kubernetes has added vulnerability scanning for code repositories and container image registries. Credit: Thinkstock ARMO, developer of Kubescape, an open source security platform for Kubernetes, has added two new vulnerability scanning functions to the platform. Code repository scanning and container image registry scanning are the first fruits of an effort to cover more aspects of Kubernetes security, the company said, including integrating with more third-party devops and Kubernetes tools like Lens, Prometheus, Plural, Civo, GitHub Actions, GitLab, and Visual Studio. Code repository scanning is the ability to scan YAML files and Helm charts at the early stages of the SDLC. Even before they have any Kubernetes clusters in place, users can see the results on Kubescape’s cloud UI. Users can view history, trends, and drifts, set exclusions, and see where a control has failed and how to fix it, a capability known as “assisted remediation.” Container image registry scanning allows users to scan container images directly from their registries—including Elastic Container Registry, Google Container Registry, Quay, and others—before they are running or sent to run in the cluster. The two features allow for vulnerabilities to be detected earlier in the development process, or in third-party registries, preventing vulnerabilities from reaching production environments. Additionally, Kubescape continuously scans for new vulnerabilities in the CI/CD pipeline that might arise after a container image was created or a container cluster has been deployed. ARMO said that Kubescape will soon support the OpenAPI framework through Swagger, and Kubescape users will be able to leverage services through openly available APIs. The company also announced it is open sourcing a critical component of the Kubescape platform, its in-cluster Helm component, which will make more features, like image scanning, truly open source. Its next steps will be to open source the whole back-end code base and services, which will allow users to build their own cloud solution, and UI, on top of Kubescape and make it a devops-native tool. Also coming soon are collaboration features that will be integrated with external ticket management systems and internal communication channels, the company said. If users find a new security issue in their environment with Kubescape, they will be able to create Jira tickets, post to Slack channels, and assign the right team member to work on it, all from within the Kubescape platform. Related content analysis OpenHCL: Understanding Microsoft’s open source paravisor Microsoft is building Azure’s secure virtual infrastructure in public, a step toward expanding trusted execution. By Simon Bisson Oct 31, 2024 8 mins Microsoft Azure Cloud Security analysis Why are we still confused about cloud security? We’re building too much complexity and are ill-trained to secure it. The result will be breach after breach, while enterprises wonder what happened. Get a clue now. By David Linthicum Oct 15, 2024 5 mins Cloud Security Identity and Access Management Security Infrastructure analysis Why cloud security outranks cost and scalability Too many businesses believe that adequate security is too expensive. Here are some ways to keep costs manageable. By David Linthicum Oct 04, 2024 5 mins Microservices Cloud Security APIs analysis The challenge of cloud computing forensics NIST recently published a report that garnered little attention, but it's a must-read document for people in business and law enforcement. By David Linthicum Sep 24, 2024 5 mins Cloud Security Cloud Computing Data Management Resources Videos