Cloud Native Security

Fixing insecure Kubernetes configuration at the source

Gareth Rushgrove, April 8, 2020

We’re happy to announce the public availability today of a whole new feature in Snyk to help you find and fix security issues in your Kubernetes configuration files.

Configuration management shifting left

Traditionally, developers were responsible for just writing the code; someone else was responsible for quality, yet another person for deploying it, and another team for running it in production. Increasingly, though, we’re seeing more and more of those responsibilities shift to the development teams, with specialists providing expert support and consultancy. We’ve seen software packaging move from a specialism in IT to developers writing Dockerfiles. We’ve seen the rise of DevOps, “you build it, you run it”, and development teams owning services in production. And now we’re also seeing configuration become a developer-domain problem, with the rise of infrastructure as code and tools like Terraform, Kubernetes and AWS CloudFormation.

Guy Podjarny, one of the founders of Snyk, has recently written about the growing scope of the application. One of the things we’ve been thinking about for a long time at Snyk is what these shifts mean for security, and how to help developers out there with these new responsibilities.

Managing all your application vulnerabilities in one place

The growing scope of the application means more and more different types of security issues fall into the developers’ domain. Snyk already helps developers find vulnerable dependencies in Java, Python, Go (and more) applications, as well as in Docker container images. We now want to help find and fix security issues in your Kubernetes configuration files. This is powerful on its own, but combined with our other tools it’s even more interesting: with Snyk you can now see the vulnerabilities in the libraries you rely on, as well as whether the configuration that runs your app in production leaves those vulnerabilities wide open to attackers (for example, a known library flaw in a container that also runs as root with every Linux capability).

Fixing the problem at its source

For the first release of our new Kubernetes configuration security features, we are focused on integrating directly into your source control system of choice. We’re launching initially with support for GitHub, GitLab, Bitbucket Cloud, and Azure Repos. To get started, just import your repositories into Snyk and you’ll see a new type of project for the Kubernetes configuration files:

(Screenshot: Kubernetes configuration projects listed after importing a repository into Snyk)

Clicking on those projects reveals a new page that shows all of the issues we’ve detected. Do you have pods running as root? Or without read-only file systems? Or with all the capabilities of the Linux host? All three are governed by the pod and container securityContext (runAsNonRoot, readOnlyRootFilesystem and capabilities), and all three are easy to leave unset. Snyk detects those problems and puts them in context for you.
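To make the three checks above concrete, here is an added example (not Snyk’s own rules or code) that walks a Kubernetes manifest and flags containers that may run as root, have a writable root filesystem, or keep the full Linux capability set. The manifests are constructed for this example; the function names and message wording are assumptions, and the checks mirror only what the paragraph above describes, not the full Snyk rule set.

```python
"""Added example: flag the three pod misconfigurations named in the post.

Not Snyk's code. Manifests are plain dicts (the structure kubectl produces
with `-o json`), so this runs offline with the standard library only.
"""


def pod_spec(manifest: dict) -> dict:
    """Return the PodSpec for a Pod or a workload that embeds a pod template."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    # Deployment, StatefulSet, DaemonSet, ReplicaSet, Job
    return manifest["spec"]["template"]["spec"]


def find_issues(manifest: dict) -> list:
    """Return one message per misconfiguration found in any container.

    Container-level securityContext fields override pod-level ones, which is
    why runAsNonRoot/runAsUser are looked up on the container first.
    readOnlyRootFilesystem and capabilities exist only at container level.
    """
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})
    issues = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c["name"]
        sc = c.get("securityContext", {})

        # 1. Running as root: neither runAsNonRoot nor a non-zero runAsUser.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if run_as_user == 0:
            issues.append(f"{name}: runs as root (runAsUser: 0)")
        elif not run_as_non_root and run_as_user is None:
            issues.append(f"{name}: may run as root (set runAsNonRoot: true)")

        # 2. Writable root filesystem: the default unless explicitly disabled.
        if not sc.get("readOnlyRootFilesystem", False):
            issues.append(
                f"{name}: writable root filesystem (set readOnlyRootFilesystem: true)"
            )

        # 3. Capabilities: privileged or `add: [ALL]` grants the host's full
        #    set; anything short of `drop: [ALL]` keeps the runtime default set.
        caps = sc.get("capabilities", {})
        added = {x.upper() for x in caps.get("add", [])}
        dropped = {x.upper() for x in caps.get("drop", [])}
        if sc.get("privileged") or "ALL" in added:
            issues.append(f"{name}: has all host capabilities (privileged or add: [ALL])")
        elif "ALL" not in dropped:
            issues.append(f"{name}: does not drop all capabilities (set capabilities.drop: [ALL])")
    return issues


# Constructed manifest with the weak (default) settings: no securityContext
# except `privileged: true`.
INSECURE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "containers": [
            {
                "name": "web",
                "image": "registry.example.com/web:1.0",  # hypothetical image
                "securityContext": {"privileged": True},
            }
        ]
    },
}

# Constructed hardened version of the same workload as a Deployment.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {
        "replicas": 2,
        "selector": {"matchLabels": {"app": "web"}},
        "template": {
            "metadata": {"labels": {"app": "web"}},
            "spec": {
                "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
                "containers": [
                    {
                        "name": "web",
                        "image": "registry.example.com/web:1.0",
                        "securityContext": {
                            "readOnlyRootFilesystem": True,
                            "allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]},
                        },
                        # Scratch space the app needs once / is read-only.
                        "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
                    }
                ],
                "volumes": [{"name": "tmp", "emptyDir": {}}],
            },
        },
    },
}


if __name__ == "__main__":
    for label, m in (("insecure", INSECURE_POD), ("hardened", HARDENED_DEPLOYMENT)):
        print(label, find_issues(m) or "no issues")
```

A read-only root filesystem usually needs an emptyDir mounted wherever the process writes at runtime (logs, caches, PID files), which is why the hardened manifest mounts /tmp; without it the container starts and then fails on its first write. The check also deliberately treats a pod-level `runAsNonRoot: true` with a container-level `runAsUser: 0` as an error, since the container-level value wins.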

(Screenshot: the issues page for a Kubernetes configuration project, listing the detected misconfigurations)

Not just for Kubernetes experts

As a project like Kubernetes becomes more popular, an increasing number of end users want to use it without necessarily becoming experts in all of the minutiae. Much of what we’re highlighting in this new feature is well known in the Kubernetes contributor community, but it’s still too easy to make mistakes. Many new users won’t even know about the configuration options that can make their Kubernetes applications more secure. With this feature, we aim to help more developers adopt Kubernetes securely.

Try the new functionality today

This feature is available to all Snyk users on free and paid plans. We are rolling it out steadily, and the plan is to have it enabled on every account in a week or so. If you are an on-premises Snyk customer, please contact your account team to discuss our on-prem support options. If you’re not already a Snyk user, sign up for a free account.

Thanks to all of the beta users who provided valuable feedback on the features so far, and look out for lots of enhancements coming soon. Check out the documentation for the setup instructions to get started, and let us know what you think.
