Security from CI/CD Pipeline

K8s Security Assurance from CI/CD

As a DevOps engineer, you need to focus on your application rather than on your Kubernetes risks and configuration. This means that your Kubernetes security needs to start working for you and not the other way around. Protecting the software supply chain from hygiene drift and hardening clusters are top priorities for any organization, and with Alcide both can be done from your CI+CD pipeline.

Alcide's Dev-to-Production security solution introduces a new approach to Kubernetes platform security that provides a dedicated offering for each stage of the development pipeline. You can sign up today for Alcide Advisor to get an immediate snapshot of your cluster’s security, risk & hygiene level along with a detailed list of identified issues, with a description and a recommendation for quick remediation of each.

Scanning your clusters periodically gives security teams end-to-end visibility into the hygiene & risk levels of one or many clusters, regardless of whether the Kubernetes resources were provisioned through CI+CD, a human operator's CLI, the cloud console, the Kubernetes dashboard, a Kubernetes operator or an exploited privileged workload.

 

Detect Hygiene, Risk & Conformance Drifts from CI+CD Pipeline

Integrated into the CD phase of your CI+CD pipeline, Alcide Kubernetes Advisor provides profile-driven machinery to detect “negative” drifts with respect to a previous deployment across a wide range of Kubernetes- and Istio-specific security, conformance, hardening, risk, misconfiguration and security best-practice checks. Integrating Alcide Kubernetes Advisor into the Development stage and actively failing the CD pipeline on security issues becomes as effective as a compilation error failing a build, which keeps all those drifts away from Production clusters.

Why Is Scanning a Kubernetes Resource or Helm Chart Not Sufficient?

The Helm charts or Kubernetes resources Way

Automation pipelines end up provisioning first- or third-party container images, wrapped with Helm charts or Kubernetes resources, and inject configuration and secrets into various locations that are implementation-specific.

Cluster operators often run as a privileged workload/controller and may introduce resources into the cluster in an autonomous fashion.

Mutating Admission Controllers can change deployed resources in a way that may degrade the hygiene level of a resource or increase the associated risk.

How can you detect that drift in the cluster hygiene level and specifics in the software supply chain hygiene? How can you ensure that the bad build fails before moving to Production?
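The point above, that a manifest scan misses what operators and mutating admission controllers change after rendering, shown as an added example (not Alcide's code and not part of the original page): it compares the pod spec the pipeline rendered with the one the cluster stores and returns a non-zero exit code when the live object is riskier. The container names, images and the small set of risk checks are assumptions chosen for illustration.

```python
# Added example, not vendor code. Pod specs are plain dicts, e.g. parsed from
# `helm template` output and `kubectl get pod -o json`; sample data is constructed.
POD_FLAGS = ("hostNetwork", "hostPID", "hostIPC")

def pod_risks(spec):
    """Return the set of risky settings found in one pod spec."""
    risks = {f"pod:{f}" for f in POD_FLAGS if spec.get(f)}
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            risks.add(f"volume:{vol['name']}:hostPath={vol['hostPath'].get('path')}")
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            if sc.get("privileged"):
                risks.add(f"{c['name']}:privileged")
            for cap in (sc.get("capabilities") or {}).get("add") or []:
                risks.add(f"{c['name']}:cap_add={cap}")
    return risks

def container_names(spec):
    """Names of all init and regular containers in a pod spec."""
    return {c["name"] for k in ("initContainers", "containers")
            for c in spec.get(k) or []}

def hygiene_drift(rendered, live):
    """What the cluster holds that the pipeline's manifest did not contain."""
    return {
        "injected_containers": sorted(container_names(live) - container_names(rendered)),
        "new_risks": sorted(pod_risks(live) - pod_risks(rendered)),
    }

def gate(rendered, live):
    """Exit code for a CD step: non-zero when the live object is riskier."""
    return 1 if hygiene_drift(rendered, live)["new_risks"] else 0

# Constructed sample: what the chart rendered ...
RENDERED = {"containers": [{"name": "api", "image": "registry.example/api:1.4",
            "securityContext": {"privileged": False,
                                "capabilities": {"drop": ["ALL"]}}}]}
# ... and the same pod after a (hypothetical) mutating webhook added a sidecar.
LIVE = {"containers": RENDERED["containers"] + [
            {"name": "injected-proxy", "image": "registry.example/proxy:2.0",
             "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}],
        "volumes": [{"name": "sock", "hostPath": {"path": "/var/run"}}]}

if __name__ == "__main__":
    print(hygiene_drift(RENDERED, LIVE))
    raise SystemExit(gate(RENDERED, LIVE))
```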

The Alcide Way

The Alcide Kubernetes Advisor is a Continuous Kubernetes and Istio hygiene checks tool that provides a single-pane view for all your K8s-related issues: audit, compliance, topology, network, policies, and threats.

This ensures that you get a better understanding and control of distributed and complex Kubernetes projects with a continuous and dynamic analysis.

A partial list of the checks we run includes:

  • Kubernetes vulnerability scanning
  • Hunting misplaced secrets, or excessive secret access
  • Workload hardening from Pod Security to network policies
  • Istio security configuration and best practices

Ready to get started with K8s?

Integrated with the CI+CD pipeline, Alcide Kubernetes Advisor provides ongoing insights and recommendations for security drifts detected in the Development stage, before they are exploited in Runtime.

 
