Skip to content

Kubescape 3.0: Introducing Image Scanning

In previous versions, Kubescape supported vulnerability scanning inside a cluster. We’ve brought this feature to the Kubescape command line in 3.0.

Watch a short video for a demonstration of image scanning from the Kubescape CLI and its benefits, or read on.

What’s new and how to?

Scanning an image in the Kubescape CLI

To scan an image, simply run the following command:

kubescape scan image 

Kubescape will then scan the image for vulnerabilities and show you the results.

Image scan

Result of image vulnerability scanning in Kubescape

The results include the following information:

  • The most pressing vulnerabilities in the image

  • The most vulnerable components

  • A link to the documentation for each vulnerability

If you would like to see all the vulnerabilities, regardless of severity, you can run the command in verbose mode with the -v flag.

kubescape scan image  --verbose

The initial scan can take a while, as it is a comprehensive scan of everything. Subsequent scans are much quicker, so you can easily scan your images as part of your CI/CD pipeline.

Adding scans to your CI/CD pipelines

Having said that, the use case for security in CI/CD pipelines is not only about speed. To support this we extended our severity threshold flag to support image scanning. Just indicate the severity you would like to fail on, and Kubescape will fail your runs on them.

kubescape scan image my-image:latest --severity-threshold high

We believe that image scanning is an essential part of any Kubernetes security strategy. We encourage you to try it out and see for yourself how it can help you keep your images safe.

Conclusion

Image scanning is key to maintaining a tight security posture. It is now available on Kubescape and can be run via the CLI or embedded into your CI/CD pipelines. To learn more, please visit the Kubescape documentation.

Feel free to raise any issues in the Kubescape GitHub project or ask questions in our Slack channel.

Are you enjoying Kubescape? Please fill in our user survey!