Kubescape 3.0: Introducing Image Scanning
In previous versions, Kubescape supported vulnerability scanning inside a cluster. We’ve brought this feature to the Kubescape command line in 3.0.
Watch a short video for a demonstration of image scanning from the Kubescape CLI and its benefits, or read on.
What’s new and how to?
Scanning an image in the Kubescape CLI
To scan an image, simply run the following command:
Kubescape will then scan the image for vulnerabilities and show you the results.
The results include the following information:
-
The most pressing vulnerabilities in the image
-
The most vulnerable components
-
A link to the documentation for each vulnerability
If you would like to see all of the vulnerabilities, regardless of severity, you can run the command in verbose mode with the -v flag.
The initial scan can take a while, as it is a comprehensive scan of everything. Subsequent scans are much quicker, so you can easily scan your images as part of your CI/CD pipeline.
Adding scans to your CI/CD pipelines
Having said that, the use case for security in CI/CD pipelines is not only about speed. To support this we extended our severity threshold flag to support image scanning. Just indicate the severity you would like to fail on, and Kubescape will fail your runs on them.
We believe that image scanning is an essential part of any Kubernetes security strategy. We encourage you to try it out and see for yourself how it can help you keep your images safe.
Conclusion
Image scanning is key to maintaining a tight security posture. It is now available on Kubescape and can be run via the CLI or embedded into your CI/CD pipelines. To learn more, please visit the Kubescape documentation.
Feel free to raise any issues in the Kubescape GitHub project or ask questions in our Slack channel.
Are you enjoying Kubescape? Please fill in our user survey!