KUBERNETES SECURITY - Aqua Cloud Native Security, Container Security & Serverless Security
Sun, 17 Mar 2024 08:32:54 +0000

Introducing KBOM – Kubernetes Bill of Materials
https://www.aquasec.com/blog/introducing-kbom-kubernetes-bill-of-materials/
Thu, 29 Jun 2023 08:57:48 +0000
SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua Trivy, that help you easily generate …

Kubernetes Version 1.26: An Overview
https://www.aquasec.com/blog/kubernetes-version-1-26-an-overview/
Thu, 08 Dec 2022 15:00:00 +0000
Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources. registry.k8s.io, Generally Available: The container image registry has changed from k8s.gcr.io …

What’s New in Kubernetes Version 1.24
https://www.aquasec.com/blog/kubernetes-1-24/
Mon, 25 Apr 2022 09:30:00 +0000
With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release.
Dockershim deprecation: Undoubtedly, the …

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing
https://www.aquasec.com/blog/kubernetes-rbac-privilige-escalation/
Wed, 06 Apr 2022 09:30:00 +0000
Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC
https://www.aquasec.com/blog/privilege-escalation-kubernetes-rbac/
Thu, 03 Mar 2022 11:30:00 +0000
One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked at how granting rights to node/proxy …

RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins
https://www.aquasec.com/blog/kubernetes-verbs/
Mon, 31 Jan 2022 15:30:00 +0000
Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation.
However, there are some less well-known features that could be relevant when creating or using tools designed to ensure …

Protecting Cloud Native Workloads on GKE Autopilot
https://www.aquasec.com/blog/gke-autopilot-security/
Tue, 14 Dec 2021 14:14:18 +0000
GKE Autopilot is a new mode of operation in Google Kubernetes Engine (GKE) launched earlier this year to help DevOps teams focus their time and resources on building applications on Kubernetes, rather than on managing the infrastructure that the applications run on. As Aqua Security is a GKE selected security partner, customers can now run the Aqua platform seamlessly on a GKE Autopilot cluster. This can allow them to address …

Kubernetes Version 1.23: What’s New for Security?
https://www.aquasec.com/blog/kubernetes-version-1-23-security-features/
Tue, 07 Dec 2021 12:21:47 +0000
Like clockwork, a new Kubernetes release is upon us, with loads of interesting new features. A couple of the key features in Kubernetes 1.23 are hitting the beta level and will be enabled by default. In this post, we’ll explain what they mean for security, both in terms of improving cluster security and what you …

Top 10 Kubernetes Application Security Hardening Techniques
https://www.aquasec.com/blog/kubernetes-hardening-techniques/
Wed, 18 Aug 2021 10:00:00 +0000
One of the main challenges developers face is how to manage security risks when deploying applications to Kubernetes clusters. A great way to address this early is by applying security hardening to the application manifests during the development process. In this post, we run down 10 ways that developers can apply hardening to their applications. …

Kubernetes Version 1.22: Security Features You Need to Know
https://www.aquasec.com/blog/kubernetes-version-1-22-security-features/
Thu, 05 Aug 2021 10:20:36 +0000
Even with Kubernetes’ new, longer release cycle in place, it doesn’t seem long since the last version came along with all its new features, but 1.22 is upon us. As ever, there’s an interesting mix of new features that are starting their maturation process as alpha releases and other features that are graduating to beta …