Portshift, a leader in cloud-native workload protection, today introduced Kubei Open Source container scanning software. Kubei is a unique open-source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built
from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes information with vulnerability data for quick and easy remediation.
Traditionally, container scanning solutions have been used to detect vulnerabilities within the CI/CD development pipeline or within the image’s registry. This approach lacks the ability to observe running pods which were created before the image-scanning process took place.
Portshift’s open-source project introduces its technology to a broad community of DevOps/SRE teams involved with the deployment of containers — their orchestration, management and security. With Kubei, scanning containers during runtime ensures strong security for Kubernetes clusters.
A powerful new solution for DevOps/SRE professionals, Kubei scans only images that are deployed in runtime that also include the scanning of non-registry images. It replaces the need to scan the entire images registry which contains many different versions and/or images that are not in use. The solution is easy to operate and integration with CI/CD pipeline tools is not a requirement. With Kubei:
- The solution only scans the deployed images. It provides accurate and real-time risk assessment, saving time and resources of scanning them offline.
- All runtime images inside the cluster will be scanned, including non-registry images (whether coming from CI/CD or not), providing the organization with an extra layer of security.
Key capabilities of the new solution include one-click container configuration and discovery of vulnerabilities in runtime, throughout all Kubernetes clusters under management. Within minutes, Kubei summarizes and portraits all of the vulnerabilities existing in runtime deployments with an operational view.
With this, DevOps will know immediately which containers have vulnerabilities, where these vulnerabilities exist (image, pod, container and namespace), and what needs to be patched or replaced.
“As DevOps continues to gain popularity for rapid delivery and innovation of IT-enabled capabilities, concerns about security increase. Security and risk management leaders must adopt security tools, processes and policies to the DevOps toolchain without slowing the development and release process,” said Gartner in a report titled “Integrating Security Into the DevSecOps Toolchain.”1
“With the launch of Kubei, Portshift assists DevOps in maintaining development timelines, providing easy access and quick scanning of runtime (relevant) images on-demand,” said Zohar Kaufman, Co-Founder and VP, R&D, Portshift. “The open-source tool couples Kubernetes information with the vulnerability data and includes the context in addition to data for a much clearer picture of Kubernetes vulnerabilities in real-time.”
Portshift is an identity-based cloud workload protection platform that secures applications from CI/CD to runtime. Portshift enables organizations to know which applications are running on their cloud environments, to see and enforce how the applications communicate and to easily find information that is associated with their development and deployment cycles enabling DevOps teams to orchestrate security as part of their day-to-day job.
Portshift’s unique model introduces a security framework that is decoupled from network and operations, allowing for accelerated software delivery at any scale. Portshift was spun out of think tank and company-builder Team8. Go to portshift.io for more info.