Managing Kubernetes Vulnerabilities

Tufin
2 min read, Nov 5, 2019

By Reuven Harrison

As Kubernetes adoption continues to skyrocket, more eyes are looking at it and finding vulnerabilities in its code and configurations.

As a security-aware Kubernetes owner, you should track newly discovered vulnerabilities, keep your Kubernetes patches up to date, and make sure your cluster is configured so that known vulnerabilities do not apply to it.

We recently enhanced Tufin SecureCloud to help you track your Kubernetes vulnerabilities.

Testing your Kubernetes Cluster for Vulnerabilities

  1. Register to SecureCloud and follow the instructions to connect it to your cluster
  2. Open the Tufin SecureCloud dashboard and see if you have any vulnerabilities
  3. If vulnerabilities exist in your version, upgrade your cluster or apply required patches

Testing for Kubernetes Vulnerabilities through an API

As mentioned above, new Kubernetes vulnerabilities are being discovered frequently, so even if your cluster is secure today, it may still become vulnerable tomorrow.

We recommend testing your cluster for vulnerabilities frequently as follows:

# Server version, e.g. v1.16.2 (the kubectl --short flag was removed in kubectl 1.28,
# where plain "kubectl version" already prints the short form)
export VERSION=$(kubectl version --short | grep Server | cut -d: -f2 | tr -d " ")
export DOMAIN=<your SecureCloud domain name>
export PROJECT=<your SecureCloud project name>
export TOKEN=<your SecureCloud security token with scope 'all'>
# Query the vulnerability list for this Kubernetes version
curl -s -H "Authorization: Bearer $TOKEN" "https://orca.tufin.io/audit/$DOMAIN/$PROJECT/vulnerabilities?version=$VERSION&component=kubernetes"

An empty response means no known vulnerabilities are recorded for your version; otherwise, upgrade or patch the cluster.
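The check above is meant to be repeated, so it is worth wrapping it in a script that a cron job or CI stage can run and that distinguishes "empty body because the cluster is clean" from "empty body because the request failed". The script below is an added example, not code from the post or from Tufin; it assumes the endpoint and query parameters are exactly as shown above, reads the server version from `kubectl version -o json` (so it does not depend on the removed `--short` flag), and uses a constructed `kubectl version` JSON sample for offline testing. The function names, the `RUN_LIVE_CHECK` switch and the sample data are all hypothetical.

```shell
#!/bin/sh
# Added example: repeatable SecureCloud vulnerability check for a cluster.
# Not part of the original post. Endpoint and parameters follow the post;
# everything else (function names, sample data, env switch) is assumed.

# Constructed sample of `kubectl version -o json` output, used for offline tests.
SAMPLE_VERSION_JSON='{
  "clientVersion": { "major": "1", "minor": "27", "gitVersion": "v1.27.3" },
  "serverVersion": { "major": "1", "minor": "26", "gitVersion": "v1.26.8" }
}'

# Pull serverVersion.gitVersion out of `kubectl version -o json` text.
# Whitespace is stripped first so sed can match across the original line breaks.
server_version_from_json() {
    printf '%s' "$1" | tr -d '[:space:]' \
      | sed -n 's/.*"serverVersion":{[^}]*"gitVersion":"\([^"]*\)".*/\1/p'
}

# Build the audit URL from the post for domain $1, project $2, version $3.
vulnerability_url() {
    printf 'https://orca.tufin.io/audit/%s/%s/vulnerabilities?version=%s&component=kubernetes' \
      "$1" "$2" "$3"
}

# Interpret a response body: the post states an empty body means no known
# vulnerabilities. Prints "clean" (exit 0) or "vulnerable" (exit 1).
vulnerability_status() {
    body=$(printf '%s' "$1" | tr -d '[:space:]')
    if [ -z "$body" ]; then
        echo clean
        return 0
    fi
    echo vulnerable
    return 1
}

# Live check against a real cluster. Requires DOMAIN, PROJECT and TOKEN in the
# environment, exactly as in the post. A failed HTTP request must not be read
# as "clean", so curl -f is used and its exit status is checked before the body.
check_cluster() {
    version=$(server_version_from_json "$(kubectl version -o json)") || return 2
    [ -n "$version" ] || { echo "could not determine server version" >&2; return 2; }
    url=$(vulnerability_url "$DOMAIN" "$PROJECT" "$version")
    body=$(curl -sSf -H "Authorization: Bearer $TOKEN" "$url") || {
        echo "vulnerability query failed (curl exit $?); result unknown" >&2
        return 2
    }
    echo "Kubernetes $version: $(vulnerability_status "$body")"
    [ -z "$(printf '%s' "$body" | tr -d '[:space:]')" ] || printf '%s\n' "$body"
}

# Offline demonstration on the constructed sample.
echo "sample server version: $(server_version_from_json "$SAMPLE_VERSION_JSON")"
echo "sample URL: $(vulnerability_url example.com demo-project "$(server_version_from_json "$SAMPLE_VERSION_JSON")")"

# Only talk to a real cluster when explicitly asked.
if [ "${RUN_LIVE_CHECK:-0}" = "1" ]; then
    check_cluster
fi
```

Run it with `RUN_LIVE_CHECK=1` and the three variables from the post set; exit status 1 means findings, 2 means the check itself did not complete, which is the case a scheduled job should alert on rather than silently treating as clean.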

The Public Kubernetes Vulnerabilities Database

For the benefit of the Kubernetes community, we have created a public database of Kubernetes vulnerabilities (CVEs).

Pull requests are welcome!

Tufin

From the Security Policy Company. This blog is dedicated to cloud-native topics such as Kubernetes, cloud security and micro-services.