Managing Kubernetes Vulnerabilities

Tufin
Nov 5 · 2 min read

By Reuven Harrison

As Kubernetes adoption continues to skyrocket, more eyes are looking at it and finding vulnerabilities in its code and configurations.

As a security-aware Kubernetes owner, you should track newly discovered vulnerabilities, keep your Kubernetes patches up to date, and make sure your cluster is properly configured to eliminate known vulnerabilities.

We recently enhanced Tufin Orca to help you track your Kubernetes vulnerabilities.

Testing your Kubernetes Cluster for Vulnerabilities

  1. Register for Orca and follow the instructions to connect it to your cluster
  2. Open the Orca dashboard and check whether you have any vulnerabilities
  3. If vulnerabilities exist in your version, upgrade your cluster or apply the required patches

Testing for Kubernetes Vulnerabilities through an API

As mentioned above, new Kubernetes vulnerabilities are being discovered frequently, so even if your cluster is secure today, it may still become vulnerable tomorrow.

We recommend testing your cluster for vulnerabilities frequently as follows:

export VERSION=$(kubectl version --short | grep Server | cut -d: -f2 | tr -d " ")
export DOMAIN="<your Orca domain name>"
export PROJECT="<your Orca project name>"
export TOKEN="<your Orca security token with scope 'all'>"
curl -s -H "Authorization: Bearer $TOKEN" "https://orca.tufin.io/audit/$DOMAIN/$PROJECT/vulnerabilities?version=$VERSION&component=kubernetes"

An empty response means you are free of vulnerabilities; otherwise, you should update the cluster.
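
The same check wrapped for a cron job or CI step, as an added example (not Tufin's code). Because `curl -s` also prints nothing when the connection fails, the script checks the HTTP status before treating an empty body as clean; the function names, the exit codes, and treating a whitespace-only body as empty are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Tufin's code): scheduled wrapper for the query above.
# Exit codes: 0 = no vulnerabilities, 1 = vulnerabilities reported,
#             2 = check failed (treat as "unknown", never as "clean").

# Read `kubectl version --short` output on stdin, print the server version.
server_version() {
    grep Server | cut -d: -f2 | tr -d ' '
}

# $1 = HTTP status code, $2 = response body.
# Assumption: a body holding only whitespace counts as "empty".
classify_response() {
    case "$1" in
        2??) ;;                 # request succeeded, inspect the body
        *)   return 2 ;;        # 000 (no connection), 401, 5xx, ...
    esac
    body=$(printf '%s' "$2" | tr -d ' \t\r\n')
    if [ -z "$body" ]; then
        return 0
    fi
    return 1
}

# Needs DOMAIN, PROJECT and TOKEN in the environment, as in the commands above.
check_cluster() {
    version=$(kubectl version --short 2>/dev/null | server_version)
    [ -n "$version" ] || { echo "could not read server version" >&2; return 2; }
    url="https://orca.tufin.io/audit/$DOMAIN/$PROJECT/vulnerabilities?version=$version&component=kubernetes"
    tmp=$(mktemp) || return 2
    # -o keeps the body out of stdout so only the status code is captured.
    status=$(curl -s -o "$tmp" -w '%{http_code}' \
        -H "Authorization: Bearer $TOKEN" "$url") || status=000
    response=$(cat "$tmp")
    rm -f "$tmp"
    rc=0
    classify_response "$status" "$response" || rc=$?
    case "$rc" in
        1) printf '%s\n' "$response" ;;
        2) echo "vulnerability check failed (HTTP $status)" >&2 ;;
    esac
    return "$rc"
}

# Run the check only when this file is invoked with --run.
if [ "${1:-}" = "--run" ]; then check_cluster; exit $?; fi
```

Alert on exit code 2 as well as 1, so that an expired token or an unreachable API does not silently pass as a clean result.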

The Public Kubernetes Vulnerabilities Database

For the benefit of the Kubernetes community, we have created this public Kubernetes vulnerabilities CVE database.

Pull requests are welcome!
