starboard v0.15.11 releases: Kubernetes-native security toolkit
There are lots of security tools in the cloud native world, created by Aqua and by others, for identifying and informing users about security issues in Kubernetes workloads and infrastructure components. However powerful and useful they might be, they tend to sit alongside Kubernetes, with each new product requiring users to learn a separate set of commands and installation steps in order to operate them and find critical security information.
Starboard attempts to integrate heterogeneous security tools by incorporating their outputs into Kubernetes CRDs (Custom Resource Definitions) and from there, making security reports accessible through the Kubernetes API. This way users can find and view the risks that relate to different resources in what we call a Kubernetes-native way.
- Automated vulnerability scanning for Kubernetes workloads.
- Automated configuration audits for Kubernetes resources with predefined rules or custom Open Policy Agent (OPA) policies.
- Automated infrastructures scanning and compliance checks with CIS Benchmarks published by the Center for Internet Security (CIS).
- Penetration test results for a Kubernetes cluster.
- Custom Resource Definitions and a Go module to work with and integrate a range of security scanners.
- The Octant Plugin and the Lens Extension that make security reports available through familiar Kubernetes interfaces.
By following our Getting Started guide you can access the following types of security information through the Kubernetes API:
- Vulnerability information in your running workloads, scanned using Trivy
- Workload audits provided by Fairwinds Polaris
- CIS benchmark results per node provided by kube-bench
- Pen-testing results provided by kube-hunter
- 5e5085f chore: add team notification on vulnerabilities found (#1286)
- a7a2f6a chore: add team notification on vulnerabilities found (#1288)
- ffa32c1 chore: vulnerability-CVE-2022-32149 (#1293)
Copyright (C) 202 aquasecurity