Snyk Documentation

Kubernetes integration overview

Snyk integrates with Kubernetes, enabling you to import and test your running workloads in order to identify vulnerabilities in their associated images and configurations that might make those workloads less secure. Once imported, Snyk continues to monitor those workloads, identifying additional security issues as new images are deployed and the workload configuration changes. Integration with Kubernetes is available as part of all of our plans, including free tier.

How it works

  1. Your admin installs a controller on your cluster, authenticating the integration with a unique ID generated from the Snyk account.
  2. The controller communicates with the Kubernetes API to determine which workloads (for instance the Deployment, ReplicationController, CronJob, etc.) are running on the cluster, find their associated images and scan them directly on the cluster for vulnerabilities.
  3. From Snyk, collaborators select which workloads to import.
  4. For each workload that your collaborators import, Snyk displays the vulnerabilities found in each image as well as a summary of configuration issues identified with the workload.
  5. Snyk monitors your imported workloads on an ongoing basis, reporting on new vulnerabilities as they are disclosed whenever they affect your projects.
  6. Based on your configurations, if vulnerabilities are found, Snyk notifies you via email or Slack so that you can take immediate action.

Read more about how: