Enhancing Bitnami Helm Charts Security: A Kubescape Case Study

Introduction

CVEs get all the press when it comes to software supply chain security, and for good reason: vulnerabilities in open source code cost the global economy billions of dollars per year. However, even the most secure application with the best supply chain provenance can be accidentally misconfigured in a way that leaves insidious security holes lurking in your environment.

Much of the value that Bitnami adds in packaging open source software is in the configuration. Our Helm charts, for example, are loved because they are very thorough in exposing the “knobs and dials” that are unique to each open source application you deploy to Kubernetes. Developers and IT admins alike also appreciate that we are constantly checking and improving the default configuration we ship in our charts to ensure they are as secure as possible. That’s why, when we recently discovered an open-source Kubernetes security project called Kubescape, we saw an opportunity to thoroughly check our software against industry best practices and close any gaps that existed.

Kubescape: The 1st Open Source project to support VEX Generation

Introduction

Vulnerability Exploitability eXchange (VEX) is a vulnerability document designed to complement a Software Bill of Materials (SBOM). It informs users of a software product about the applicability of one or more vulnerability findings.

Security scanners detect and flag components in software that have been identified as vulnerable. Often, however, the software is not actually affected by the flagged vulnerability, for several reasons.

For example:

  • The vulnerable component may already have been patched.

  • The vulnerable component may not be present at all.

  • The vulnerable code may never be executed.

The extreme transparency that SBOMs bring to how software is composed will most likely increase the number of these kinds of false positives, so an automated way to filter them out is needed to avoid an explosion in the false positive rate of security scans. That is what VEX provides.

VEX is a way to turn down the noise and give security practitioners a strong signal: a scanner can consume VEX data published by the software supplier and drop the findings the supplier has already assessed. However, writing a VEX document by hand is time-consuming, and because these documents must be kept current as the software changes, it is a never-ending task. The solution has to come through automation.
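As an added example (this is not Kubescape's code, and the page does not say which VEX format Kubescape emits), the following script takes the scanner's position: it consumes a constructed set of image findings and a constructed VEX document in the OpenVEX JSON layout (assumed format, https://openvex.dev) and suppresses the findings the supplier has marked `fixed` or `not_affected`. The three reasons listed above map onto OpenVEX vocabulary: a patched component is `fixed`, an absent component is `not_affected` with justification `component_not_present`, and code that never runs is `not_affected` with justification `vulnerable_code_not_in_execute_path`. The example keeps the three checks a practitioner would want before trusting a VEX feed: statements are scoped to a specific product identifier, a later statement for the same vulnerability and product supersedes an earlier one, and a `not_affected` statement with no justification or impact statement is not honoured.

```python
"""Filter scanner findings through an OpenVEX document.

Added example, not Kubescape's code. Assumes the OpenVEX JSON layout
(https://openvex.dev). The findings and the VEX document below are
constructed for this example.
"""
import json
from datetime import datetime

# Constructed scanner output: one finding per (vulnerability, product purl).
SCANNER_FINDINGS = [
    {"vuln": "CVE-2023-0001", "product": "pkg:oci/app@sha256:aaa", "severity": "HIGH"},
    {"vuln": "CVE-2023-0002", "product": "pkg:oci/app@sha256:aaa", "severity": "CRITICAL"},
    {"vuln": "CVE-2023-0003", "product": "pkg:oci/app@sha256:aaa", "severity": "MEDIUM"},
    {"vuln": "CVE-2023-0004", "product": "pkg:oci/app@sha256:aaa", "severity": "LOW"},
    # Same CVE as the first finding, but a different product: VEX statements
    # are scoped to a product, so the statement for "app" must not cover it.
    {"vuln": "CVE-2023-0001", "product": "pkg:oci/other@sha256:bbb", "severity": "HIGH"},
]

# Constructed OpenVEX document from a hypothetical supplier.
VEX_DOCUMENT = json.loads("""
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.com/vex/app-2024-01",
  "author": "example supplier",
  "timestamp": "2024-01-10T00:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-2023-0001"},
     "products": [{"@id": "pkg:oci/app@sha256:aaa"}],
     "status": "fixed"},
    {"vulnerability": {"name": "CVE-2023-0002"},
     "products": [{"@id": "pkg:oci/app@sha256:aaa"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": {"name": "CVE-2023-0003"},
     "products": [{"@id": "pkg:oci/app@sha256:aaa"}],
     "status": "not_affected",
     "justification": "component_not_present",
     "timestamp": "2024-01-05T00:00:00Z"},
    {"vulnerability": {"name": "CVE-2023-0003"},
     "products": [{"@id": "pkg:oci/app@sha256:aaa"}],
     "status": "affected",
     "timestamp": "2024-01-12T00:00:00Z"},
    {"vulnerability": {"name": "CVE-2023-0004"},
     "products": [{"@id": "pkg:oci/app@sha256:aaa"}],
     "status": "not_affected"}
  ]
}
""")

# Statuses that justify dropping a finding from the report.
SUPPRESSING = {"fixed", "not_affected"}


def _timestamp(stmt, doc):
    """A statement's own timestamp, falling back to the document's."""
    raw = stmt.get("timestamp", doc["timestamp"]).replace("Z", "+00:00")
    return datetime.fromisoformat(raw)


def effective_statements(doc):
    """Map (vulnerability, product) to the statement that currently applies.

    A later timestamp supersedes an earlier one for the same pair. A
    not_affected statement carrying neither a justification nor an
    impact_statement is skipped: OpenVEX requires one of them, and an
    unexplained suppression should not silence a finding.
    """
    latest = {}
    for stmt in doc["statements"]:
        if stmt["status"] == "not_affected" and not (
            stmt.get("justification") or stmt.get("impact_statement")
        ):
            continue
        name = stmt["vulnerability"]["name"]
        for product in stmt["products"]:
            key = (name, product["@id"])
            if key not in latest or _timestamp(stmt, doc) > _timestamp(latest[key], doc):
                latest[key] = stmt
    return latest


def apply_vex(findings, doc):
    """Split findings into (kept, suppressed), annotating each with the VEX status."""
    statements = effective_statements(doc)
    kept, suppressed = [], []
    for finding in findings:
        stmt = statements.get((finding["vuln"], finding["product"]))
        status = stmt["status"] if stmt else "no_vex_statement"
        annotated = dict(finding, vex_status=status,
                         justification=stmt.get("justification") if stmt else None)
        (suppressed if status in SUPPRESSING else kept).append(annotated)
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = apply_vex(SCANNER_FINDINGS, VEX_DOCUMENT)
    for f in suppressed:
        print("suppressed", f["vuln"], f["product"], f["vex_status"], f["justification"])
    for f in kept:
        print("kept      ", f["vuln"], f["product"], f["vex_status"])
```

With the constructed input, CVE-2023-0001 and CVE-2023-0002 on `app` are suppressed, CVE-2023-0003 stays because the newer `affected` statement overrides the older `not_affected` one, CVE-2023-0004 stays because its `not_affected` statement has no justification, and CVE-2023-0001 on `other` stays because no statement covers that product. Whatever tool produces the VEX document, these are the consumer-side rules that keep a VEX feed from becoming a blanket mute button.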

Kubescape 3.0: Introducing Workload Scanning

Kubescape 3.0 introduces workload scanning, which lets you report comprehensively on the security posture of an individual workload running in a Kubernetes cluster. A workload scan covers both misconfigurations and vulnerabilities, giving a 360° view of that workload’s security posture.

Watch a short video for a demonstration of workload scanning and its benefits, or read on.

Kubescape 3.0: CLI improvements

In the latest release of Kubescape, we completely overhauled the CLI experience to make it easier and faster for you to improve the security of your clusters.

Watch a short video for a demonstration of the new CLI and its benefits, or read on.

Introducing Kubescape 3.0

We are excited to announce the preview release of Kubescape 3.0, the next generation of the CNCF Kubernetes security posture management tool.

Kubescape 3.0 will add:

  • Compliance and container scan results stored as Kubernetes resources inside the cluster
  • Scanning container images for vulnerabilities from the CLI
  • Reporting on the vulnerabilities of all the images in a cluster
  • A new overview security scan, which helps you set a baseline for cluster security
  • Highlighting of high-risk workloads: those that could do the most damage if they are compromised
  • Improved display output
  • A new capability-based Helm chart
  • Per workload, per namespace and per cluster Prometheus metrics
  • Alerting through Prometheus Alertmanager
  • Sending data outside the cluster to hosted services

Most of these features have landed already, with some being finished over the next few weeks.

Happy second birthday, Kubescape!

What do you get a piece of software for its second birthday? A brand-new blog, of course! And cake. More on the cake later.

Kubescape is an open-source Kubernetes security platform that helps you identify and fix security risks, misconfigurations and vulnerabilities in your Kubernetes clusters. It is a powerful tool that can save you time and effort, and help you keep your Kubernetes deployments secure.