Kubernetes Configuration Scanning

Find and fix cloud-native application configuration security issues before you deploy to Kubernetes

Find and fix Kubernetes security issues prior to deployment

Save time – and avoid emergency meetings with your security team – by checking your Kubernetes configuration files as you write them, instead of much later when workloads are deployed.

Snyk’s Kubernetes configuration scanning allows you to determine whether your workload’s specifications are safe by analyzing the configuration code stored in your source code management system.

Developer-focused fixes for Kubernetes workload configurations

Learning to write Kubernetes workload configurations is a challenge by itself. Figuring out the security aspects and adding them to the configuration is another layer of complexity. Snyk’s Kubernetes configuration checks provide guidance and fixes in context, so they are easy to understand and implement directly in your configuration code.

Configuration alerts are categorized by risk level so you can prioritize your efforts, and our advice includes information about the risk factors of each misconfiguration to help you determine the best settings to use.

The challenge of Kubernetes security

The Kubernetes API is a powerful abstraction for building cloud native systems. With this rich API, developers control not just their application code, but also the code that configures their application at runtime. These configurations are stored in code repositories, tested in CI, and increasingly being deployed automatically.

Yet the security aspects of these configurations are often not well understood, and configuration risks are often not discovered until after clusters and applications are live. Remediation of the live environment typically addresses only the running state; ideally, the code used to deploy the workload should be fixed to address the problem at its source and prevent redeploying bad configurations.

Over 2 million Kubernetes configuration files are publicly available on GitHub alone.

42.2% of respondents to the SANS 2019 Cloud Security Survey cited “misconfiguration of cloud services and/or resources” as being responsible for security breaches in their cloud attacks.

How Snyk helps address Kubernetes security challenges

Snyk moves the security controls for Kubernetes configurations to the beginning of the development lifecycle, so developers can proactively determine whether their application’s specifications are safe and address potential risks. Snyk’s developer-first approach enables us to integrate with normal development workflows, test configuration code stored in source code repositories and help developers remediate issues in their normal workflows.