Portshift has announced an open source Kubernetes runtime images scanning solution called Kubei. With Kubei, scanning containers during runtime ensures strong security for Kubernetes clusters.
Portshift said its open source project introduces its technology to a broad community of DevOps/SRE teams involved with the deployment of containers — their orchestration, management and security. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes information with vulnerability data for quick and easy remediation.
Kubei scans only images that are deployed in runtime that also include the scanning of non-registry images. It replaces the need to scan the entire images registry which contains many different versions and/or images that are not in use. The solution is easy to operate and integration with CI/CD pipeline tools is not a requirement.
With Kubei, all runtime images inside the cluster will be scanned. These include non-registry images (whether coming from CI/CD or not), thus providing the organization with an extra layer of security.
Key capabilities of the new solution include one-click container configuration and discovery of vulnerabilities in runtime, throughout all Kubernetes clusters under management. Within minutes, Kubei summarizes and portraits all of the vulnerabilities existing in runtime deployments with an operational view. With this, DevOps will know immediately which containers have vulnerabilities, where these vulnerabilities exist (image, pod, container and namespace), and what needs to be patched or replaced.