Kubescape is a Kubernetes open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image scanning. It detects misconfigurations and software vulnerabilities.
I've had the chance to see Kubescape firsthand and also interact closely with the Armo team. The team reflects all the qualities of Kubescape: openness, transparency, accessibility, and tireless commitment to achieving the very best. Well done, Armo!
Hey Product Hunters! 👋
I’m Shauli, the CEO and Co-Founder of Armo. Today, we are super excited to launch the newest version of Kubescape.
Kubescape is an open source tool for anyone struggling with security for Kubernetes operations. It is built to provide a true single source and pane of glass to simplify end-to-end Kubernetes security. This includes providing in-depth risk analysis, benchmarking vs. industry standards and frameworks and security compliance roadmaps (such as the NSA-CISA, MITRE ATT&CK and more), and a role-based access control visualizer. It scans K8s clusters, YAML files, Helm charts, API servers and worker nodes, detecting misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline, calculates the risk score instantly and shows risk trends over time.
Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, GitHub workflows, and Slack, and supports multi-cloud K8s deployments like EKS, GKE, and AKS.
Several significant features have been added to Kubescape in this new version:
✨ Customize Frameworks - Now you can create a custom framework. You can choose which controls are relevant to your organizations and create your own framework based on the unique requirements of your organization.
✨ Assisted Remediation - Kubescape will show you exactly where your resources have failed and what the cause was. Once you click on a resource, you will be able to see the exact and specific line which caused the resource to fail in the resource definition file (e.g. YAML).
✨ Registry scanning - Until today, Kubescape scanned for vulnerabilities only in images that were pulled inside the cluster. Now, Kubescape scans images for vulnerabilities before they reach the clusters - e.g. docker.io and quay.io.
Kubescape users can now detect vulnerabilities earlier in the CICD and prevent vulnerabilities from reaching deployments and production environments.
Unlike other products that scan one time only during the CICD pipeline, Kubescape continuously scans for new vulnerabilities that may arise after the cluster has been deployed (using the Kubescape in-cluster namespace).
✨ Repositories scanning - With the new repository scanning, users can see their misconfiguration scan results even if a cluster doesn’t exist.
✨ Integration with Prometheus - With Kubescape integration to Prometheus, you can see and monitor the risk score of your cluster over time and of each of the frameworks/controls individually, directly from Prometheus.
✨ Kubescape extension at Visual Studio and Lens - We know how important it is that DevOps tools work nicely together. This is why it’s our top priority to make sure that Kubescape works seamlessly with other popular DevOps/K8s tools. Kubescape can be used as an extension of Visual Studio and Lens, helping to infuse security directly from these platforms at different stages of the SDLC and the CICD pipeline.