Validating Container Security with Fairwinds Insights

Written By: Andy Suderman

Overview: What Is Container Security?

Why Container Security Is Important

“According to a 2020 survey by 451 Research, over a 12 month period 94% of organizations reported a serious security incident in K8s and container environments.”

Container Security Risks

Container Security Challenges

Container Security in Kubernetes

What Is Container Scanning?

  1. Integrate image scanning into the CI/CD pipeline: it’s best to scan components as you build your containers. If you build with vulnerabilities, they become part of your containers and images, and you then have to remediate the vulnerabilities and rebuild the containers and images. Integrating image scanning to detect and block vulnerabilities before the code enters the pipeline helps you shift security left and improves your DevSecOps practice.
  2. Scan your container registry: the container registry is where you store all of your application images, and it may hold hundreds or thousands of images built from different sources, including third-party locations. One vulnerability or insecure configuration could result in a threat to your registry and your application. Continuously and automatically scan your registry for any change in vulnerability status, and make sure you scan every image to identify and prevent potential incoming threats.
  3. Open source vulnerability scanning at runtime: to achieve optimal container security, you can’t just scan the registry; you need to automate continuous scanning to identify new CVEs as soon as they are published. Continuous, automated scanning helps you detect new vulnerabilities, report findings to your security team, and remediate them quickly. Because your environment may contain multiple applications and clusters, it’s best to have visibility into container vulnerabilities across environments, so you can prioritize remediation efforts.
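The three steps above, as a small added example (not Fairwinds Insights code): a build gate on scan results, a diff between an image's earlier and current scans to catch a change in vulnerability status, and a cross-cluster ranking to prioritize remediation. The finding format and CVE identifiers are constructed placeholders, not any particular scanner's output.

```python
"""Gate, diff and prioritize container image scan findings (constructed format)."""
from collections import Counter

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample findings for one image: at build time and on a later rescan.
# CVE ids are placeholders; "fixed_version" is None when no fix is published yet.
SCAN_AT_BUILD = [
    {"id": "CVE-0000-0001", "severity": "MEDIUM", "fixed_version": "1.2.4"},
    {"id": "CVE-0000-0002", "severity": "LOW", "fixed_version": None},
]
SCAN_TODAY = [
    {"id": "CVE-0000-0001", "severity": "MEDIUM", "fixed_version": "1.2.4"},
    {"id": "CVE-0000-0003", "severity": "CRITICAL", "fixed_version": "2.0.1"},
]


def blocked(findings, threshold="HIGH"):
    """Step 1: fail the CI build if any finding is at or above the threshold severity."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK[f["severity"]] >= limit for f in findings)


def new_findings(previous, current):
    """Steps 2 and 3: CVEs present in the current scan that the earlier scan did not report.

    An image that passed at build time can fail later purely because new CVEs were published.
    """
    seen = {f["id"] for f in previous}
    return [f for f in current if f["id"] not in seen]


def prioritize(findings_by_cluster):
    """Rank CVEs seen across clusters: highest severity first, then by how many clusters carry them."""
    clusters_hit = Counter()
    severity = {}
    for findings in findings_by_cluster.values():
        for f in findings:
            clusters_hit[f["id"]] += 1
            severity[f["id"]] = f["severity"]
    return sorted(
        clusters_hit,
        key=lambda cve: (SEVERITY_RANK[severity[cve]], clusters_hit[cve]),
        reverse=True,
    )


if __name__ == "__main__":
    print("block build at HIGH:", blocked(SCAN_TODAY))
    print("new since build:", [f["id"] for f in new_findings(SCAN_AT_BUILD, SCAN_TODAY)])
    print("remediation order:", prioritize({"prod": SCAN_TODAY, "staging": SCAN_AT_BUILD}))
```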

Ongoing Container Scanning Is Critical

Container Security Validation