
How to secure Kubernetes Ingress?

Ingress aims to simplify the way you create access to your Kubernetes services by leveraging traffic routing rules that are defined during the creation of the Ingress resource. This ultimately allows you to expose HTTP and HTTPS from outside the Kubernetes cluster so you no longer need to expose each service separately—something that can be expensive and tedious as an application scales, resulting in an increase in services.

Definitive Guide to Kubernetes Admission Controller

Kubernetes Admission Controller is an advanced plugin for gating and governing the configuration changes and workload deployment in a cluster. Admission Controller enables DevOps and Security personnel to enforce deployment requirements and restrictions in the cluster upon every workload start and any configuration change. Think of an Admission Controller as an Advanced Resource manager with a shield.

How to secure Kubernetes Pods post-PSPs deprecation

Kubernetes pods are the basic building blocks of Kubernetes. A pod manages one or more tightly coupled application containers, allowing them to share resources and networks. Pods are hosted on nodes, which are either physical or virtual machines. When defining a Pod, we need to think not only about how much CPU or memory we want to assign to it but also about how it will interact with the underlying infrastructure.

Kubescape now integrates with Prometheus and Lens

Integrating Kubescape with 3rd party projects and DevOps tools is a strategic mission for us to enable you to extract more value out of Kubescape throughout the CI/CD pipeline, SDLC, and monitoring phases. We are happy to announce two significant integrations of Kubescape to leading Kubernetes open-source CI/CD tools.

Kubernetes security multidimensional single pane of glass experience

One of the most used buzzwords in our industry is "single pane of glass". But what does it really mean? In most cases, it means a single dimension: either cross-infrastructure or cross-functionality or cross-organization. It is usually never AND. Most likely, it's OR. So you will need to use multiple single-pane-of-glass products. This led to an interesting discussion between us. Is it a single pane for all the K8s clusters? Or a single pane for all the K8s security capabilities/functionalities?

ARMO raises $30M for the first open-source Kubernetes security platform

ARMO's Kubescape is an open, transparent, single pane of glass for Kubernetes security, used by tens of thousands

Tel Aviv - April 27, 2022 - ARMO, creators of the fast-growing Kubernetes open-source security project Kubescape, today announced $30M in funding for the first end-to-end open source Kubernetes security platform.

Kubernetes Version 1.24: Everything You Should Know

The first Kubernetes release of 2022 will be released on May 3rd. The new release, version 1.24, is full of enhancements, new features, and bug fixes. We’ve written this post so you can adjust your Kubernetes resources, update infrastructure, and smoothly migrate to the new version. We’ve also grouped the changes with their respective Special Interest Groups (SIGs), so that you can focus on the interrelated topics at once.

How to Secure Deployments in Kubernetes?

Security is crucial for containerized applications that run on a shared infrastructure. With more and more organizations moving their container workloads to Kubernetes, K8s has become the go-to platform for container orchestration. And with this trend comes a growing number of threats and new ways of attack that necessitate strengthening all layers of security. In Kubernetes, there are two aspects to security: cluster security and application security.

Kubescape March 2022 version - what is new and what is improved

The ARMO Kubescape team has been busy lately… we have several new and improved features for you that we are very excited about. Based on the feedback and ideas we got from the amazing community, we worked hard to enhance Kubescape with better and deeper scanning capabilities, UI improvements, and a more friendly CLI version. We invite everyone to shape the Kubescape roadmap by giving us feedback and suggestions using git, discord, or mail.

CVE-2022-23648 - Arbitrary Host File Access from containers launched by containerd CRI and its impact on Kubernetes

A recently discovered vulnerability in containerd, a popular container runtime, CVE-2022-23648, allows specially crafted containers to gain read-only access to files from the host machine. While general container isolation is expected to prevent such access, in Kubernetes, it is especially dangerous because well-known and highly sensitive files are stored in known locations on the host.