techbeatly (https://www.techbeatly.com): articles and how-to's on #ansible, #openshift, #kubernetes, #terraform and other #devops technologies.

Conduct Vulnerability Management for Your Kubernetes Applications

Renjith Ravindranathan, published in techbeatly, Jul 1, 2021 (6 min read)

Kubernetes is an open source container orchestration platform originally developed by Google and later donated to the Cloud Native Computing Foundation (CNCF). It schedules containerized workloads across a cluster and provides auto-scaling, self-healing (restarting or rescheduling failed containers) and rolling updates, which makes near-zero-downtime deployments practical.

Out of the box, Kubernetes ships with permissive defaults: it does not harden itself, so every component you run (control plane, nodes, workloads, supply chain) has to be hardened deliberately. Securing Kubernetes is a complex task because of the number of underlying components and the interdependencies between them. Security has to be considered at several points, starting with secure development, application build and deployment.

This article walks through what can be done to secure Kubernetes clusters and workloads using established best practices and open source (OSS) tools.

Security controls can be applied at three different levels:

  1. Security in the Build Phase
  2. Security in the Deploy/Run Phase
  3. Security in the Infra Platform

1. Security in the Build Phase

Before we go into the details, please note that the CI/CD pipeline used in the examples is Azure Pipelines.

a. Software Composition Analysis (SCA)
SCA is the part of the application security testing tool suite that inventories the open source libraries an application depends on and reports known vulnerabilities and licence obligations for each of them. Countless OSS libraries are available, but when you pull them into an enterprise application you can end up in breach of the licence terms their authors chose, and you inherit every known vulnerability in the versions you pin. WhiteSource, a prominent vendor in open source security and compliance management, addresses both problems.

WhiteSource Bolt is part of the WhiteSource security suite and was developed specifically to integrate with Azure DevOps, Azure DevOps Server and GitHub Actions. Bolt runs in the continuous integration (CI) phase: it scans every library referenced by the application source, produces a detailed summary of the libraries with known security flaws, and lists the licences being consumed. There is a free WhiteSource Bolt extension…
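To make concrete what an SCA gate does in the CI phase, here is an added example, written for this page and not WhiteSource Bolt's code or output: a minimal scanner that parses a pinned dependency manifest, matches each pin against an advisory feed with version ranges, checks each package's licence against an allow-list, and returns a pass/fail verdict the pipeline can act on. The manifest, the advisory feed, the advisory identifiers (`ADV-0001`, `ADV-0002`) and the package-to-licence map are all constructed sample data; a real tool obtains them from the package registry and a vulnerability database.

```python
"""Minimal software composition analysis (SCA) gate for a CI stage.

Added illustration, not WhiteSource Bolt code. The manifest, advisory feed,
advisory identifiers and licence map below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_requirements(manifest: str) -> Dict[str, Version]:
    """Parse pinned 'name==version' lines (requirements.txt style).

    Comments and blank lines are ignored. Unpinned dependencies are rejected:
    an SCA result is only meaningful for the exact versions that get built.
    """
    pins: Dict[str, Version] = {}
    for line in manifest.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned dependency rejected: {line!r}")
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = parse_version(version)
    return pins


@dataclass(frozen=True)
class Advisory:
    package: str
    advisory_id: str
    introduced: Version   # inclusive lower bound of the vulnerable range
    fixed: Version        # exclusive upper bound: first release with the fix
    severity: str

    def affects(self, version: Version) -> bool:
        return self.introduced <= version < self.fixed


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    kind: str       # "vulnerability" or "licence"
    detail: str
    severity: str   # advisory severity, or "policy" for licence violations


# Constructed advisory feed; the identifiers are placeholders, not real CVEs.
ADVISORIES: List[Advisory] = [
    Advisory("examplelib", "ADV-0001", parse_version("1.0.0"), parse_version("1.4.2"), "high"),
    Advisory("fastjson-py", "ADV-0002", parse_version("0.0.0"), parse_version("2.1.0"), "critical"),
]

# Constructed package -> licence map (a real tool reads this from package metadata).
LICENSES: Dict[str, str] = {
    "examplelib": "MIT",
    "fastjson-py": "Apache-2.0",
    "copyleftkit": "GPL-3.0",
}

ALLOWED_LICENSES: Set[str] = {"MIT", "Apache-2.0", "BSD-3-Clause"}
BLOCKING_SEVERITIES: Set[str] = {"high", "critical"}


def scan(manifest: str) -> List[Finding]:
    """Return every vulnerability and licence finding for the pinned dependencies."""
    findings: List[Finding] = []
    for name, version in parse_requirements(manifest).items():
        vtext = ".".join(map(str, version))
        for adv in ADVISORIES:
            if adv.package == name and adv.affects(version):
                fixed = ".".join(map(str, adv.fixed))
                findings.append(Finding(name, vtext, "vulnerability",
                                        f"{adv.advisory_id} (fixed in {fixed})", adv.severity))
        licence = LICENSES.get(name, "UNKNOWN")   # unknown licence is treated as a violation
        if licence not in ALLOWED_LICENSES:
            findings.append(Finding(name, vtext, "licence",
                                    f"licence {licence} not on allow-list", "policy"))
    return findings


def gate(manifest: str) -> bool:
    """True if the build may proceed: no blocking-severity vulnerability, no licence violation."""
    return not any(f.kind == "licence" or f.severity in BLOCKING_SEVERITIES
                   for f in scan(manifest))


# Constructed requirements.txt for the demo.
SAMPLE_MANIFEST = """
examplelib==1.2.0      # inside the ADV-0001 range -> high severity finding
fastjson-py==2.1.0     # exactly the first fixed release -> clean
copyleftkit==3.0.1     # GPL-3.0 -> licence policy violation
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_MANIFEST):
        print(f"{f.kind:13} {f.package}=={f.version}: {f.detail} [{f.severity}]")
    print("build allowed:", gate(SAMPLE_MANIFEST))
```

Two design points worth carrying into a real pipeline: versions are compared as integer tuples, because string comparison ranks `1.9.9` above `1.10.2`; and the range check is half-open (`introduced <= v < fixed`), which is how most advisory databases express affected ranges, so the first fixed release is correctly treated as clean.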
