Cloud Native Security, Container Security & Serverless Security Sun, 11 Aug 2024 09:07:17 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://www.aquasec.com/blog/managing-kubernetes-secrets/ Mon, 15 Apr 2024 12:27:00 +0000 https://www.aquasec.com/?p=15886 If you deploy applications using Kubernetes – a platform that 96 percent of companies today report either using or considering – you’ll inevitably need to manage secrets securely inside Kubernetes. In some ways, this is a challenging task. Although Kubernetes provides some built-in capabilities to help manage secrets securely, these features have their limitations – …]]> https://www.aquasec.com/blog/introducing-kbom-kubernetes-bill-of-materials/ Thu, 29 Jun 2023 08:57:48 +0000 https://www.aquasec.com/?p=14376 SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua Trivy, that help you easily generate …]]> https://www.aquasec.com/blog/kubernetes-version-1-26-an-overview/ Thu, 08 Dec 2022 15:00:00 +0000 https://www.aquasec.com/?p=14533 Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources. registry.k8s.io, Generally Available The container image registry has changed from k8s.gcr.io …]]> https://www.aquasec.com/blog/kubernetes-1-24/ Mon, 25 Apr 2022 09:30:00 +0000 https://www.aquasec.com/?p=14831 With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release. Dockershim deprecation Undoubtedly, the …]]> https://www.aquasec.com/blog/kubernetes-rbac-privilige-escalation/ Wed, 06 Apr 2022 09:30:00 +0000 https://www.aquasec.com/?p=14889 Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …]]> https://www.aquasec.com/blog/privilege-escalation-kubernetes-rbac/ Thu, 03 Mar 2022 11:30:00 +0000 https://www.aquasec.com/?p=14960 One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked at how granting rights to node/proxy …]]> https://www.aquasec.com/blog/kubernetes-verbs/ Mon, 31 Jan 2022 15:30:00 +0000 https://www.aquasec.com/?p=14985 Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant when creating or using tools designed to ensure …]]> https://www.aquasec.com/blog/gke-autopilot-security/ Tue, 14 Dec 2021 14:14:18 +0000 https://www.aquasec.com/?p=15045 GKE Autopilot is a new mode of operation in Google Kubernetes Engine (GKE) launched earlier this year to help DevOps teams focus their time and resources on building applications on Kubernetes, rather than on managing the infrastructure that the applications run on. As Aqua Security is a GKE selected security partner, customers can now run the Aqua platform seamlessly on a GKE Autopilot cluster. This can allow them to address …]]> https://www.aquasec.com/blog/kubernetes-version-1-23-security-features/ Tue, 07 Dec 2021 12:21:47 +0000 https://www.aquasec.com/?p=15054 Like clockwork, a new Kubernetes release is upon us, with loads of interesting new features. A couple of the key features in Kubernetes 1.23 are hitting the beta level and will be enabled by default. In this post, we’ll explain what they mean for security, both in terms of improving cluster security and what you …]]> https://www.aquasec.com/blog/kubernetes-hardening-techniques/ Wed, 18 Aug 2021 10:00:00 +0000 https://www.aquasec.com/?p=15176 One of the main challenges developers face is how to manage security risks when deploying applications to Kubernetes clusters. A great way to address this early is by applying security hardening to the application manifests during the development process. In this post, we run down 10 ways that developers can apply hardening to their applications. …]]>