Kubernetes / Container Security Tools You Must be Aware Of

Whether paid or free, the web is full of container security tools allowing developers and organizations to maintain a secure environment. This blog post will focus on Kubernetes / container open source security tools as we believe some free tools deliver no less than their commercial equivalents.

What is a container security tool?

Container security tools help ensure that everything in your container runs as you intended. Securing containers is a continuous process: it covers the container host, its network traffic, and its management stack, as well as the integrity of the build pipeline, your application security, and the foundation layers within the container.

The 5 container security tools below cover most of these aspects:

Clair

Clair is a comprehensive auditing tool, based on multiple CVE databases, that statically analyzes containers for vulnerabilities. It identifies security vulnerabilities by indexing the list of features within a container image and then querying the database for vulnerabilities connected to that image.
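The index-then-query process described above, as an added sketch that is not Clair's code or API and not part of the original post: it indexes installed packages from a constructed dpkg status file and matches them against constructed vulnerability records with placeholder IDs. The function names and the simplified version ordering are assumptions.

```python
import re

# Constructed sample: the dpkg status file a scanner would read from an image layer.
DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 1.1.1k-1

Package: zlib1g
Status: install ok installed
Version: 1.2.11-4

Package: bash
Status: deinstall ok config-files
Version: 5.0-6
"""

# Constructed vulnerability records (placeholder IDs, not real CVEs).
VULN_DB = [
    {"id": "EXAMPLE-0001", "package": "openssl", "fixed_in": "1.1.1n-0", "severity": "High"},
    {"id": "EXAMPLE-0002", "package": "zlib1g", "fixed_in": "1.2.11-2", "severity": "Medium"},
    {"id": "EXAMPLE-0003", "package": "bash", "fixed_in": "5.1-2", "severity": "Low"},
]

def index_features(status_text):
    """Step 1: index the fully installed packages (features) as {name: version}."""
    features = {}
    for stanza in status_text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if fields.get("Status", "").endswith(" installed"):  # skip removed packages
            features[fields["Package"]] = fields["Version"]
    return features

def version_key(version):
    # Simplified ordering (assumption): digit runs compare as ints, letters as text.
    # A real scanner uses the distribution's own rules (epochs, '~', and so on).
    return [(0, int(t)) if t.isdigit() else (1, t) for t in re.findall(r"\d+|[A-Za-z]+", version)]

def match_vulnerabilities(features, vuln_db):
    """Step 2: query the database for records that affect an indexed feature."""
    findings = []
    for vuln in vuln_db:
        installed = features.get(vuln["package"])
        if installed and version_key(installed) < version_key(vuln["fixed_in"]):
            findings.append((vuln["id"], vuln["package"], installed, vuln["severity"]))
    return findings

if __name__ == "__main__":
    for finding in match_vulnerabilities(index_features(DPKG_STATUS), VULN_DB):
        print(finding)
```

Only openssl is reported: zlib1g is already past its fixed version, and bash is skipped because its status shows it is no longer installed.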

Anchore

Anchore is another container security tool based on CVE data. It enables Docker container image inspection and analysis with the use of custom policies.
The tool can run as stand-alone or on platforms such as Kubernetes, including Jenkins integration for CI/CD.

Scanning an image provides a list of vulnerabilities, risk levels, etc.

Grafeas

Grafeas is a container security tool built around a component metadata API, created by IBM & Google, that allows for the creation of container security scanning projects.

Grafeas can enforce security policies on Kubernetes clusters that use Grafeas metadata.

Sysdig Falco

Falco is a Kubernetes security auditing tool by Sysdig that monitors container, host, and network activity. It is used for continuous infrastructure checks and anomaly detection.

OpenSCAP Workbench

OpenSCAP is a collection of multiple tools that lets organizations develop security content efficiently.
OpenSCAP highlights its ability to reduce the cost of performing security audits.

 

 


 

-----------------------------------

About Lightspin

Lightspin’s contextual cloud security protects cloud and Kubernetes environments from build to runtime and simplifies cloud security for security and DevOps teams. Using patent-pending advanced graph-based technology, Lightspin empowers cloud and security teams to eliminate risks and maximize productivity by proactively and automatically detecting all security risks, smartly prioritizing the most critical issues, and easily fixing them.

For more information, visit: https://www.lightspin.io/