-
Book Overview & Buying
-
Table Of Contents
Learning Kubernetes Security - Second Edition
By :
Image scanning shows great promise in securing the DevOps flow. A secure Kubernetes cluster requires securing the entire DevOps flow by identifying known vulnerabilities, misconfigurations, and malicious content in container images before they are deployed. Therefore, securing a Kubernetes cluster isn’t just about protecting the runtime environment; it requires securing the entire DevOps pipeline, from development and build to deployment.
In this chapter, we first briefly talked about container images and vulnerabilities. Then, we introduced an open source image scanning tool, Trivy, and showed how to use it to do image and Kubernetes scanning. We also talked about the tool Syft that helps you generate SBOM files and how to scan these files using Grype. Finally, we talked about how to integrate image scanning into a CI/CD pipeline [10] at three different stages: build, deployment, and runtime.
Although the process can be time-consuming, it is necessary and very...