Application vulnerabilities are an essential part of a cluster's Kubernetes security posture. Kubescape offers controls that check the relation between the Kubernetes manifest and image vulnerabilities.
When this feature is enabled, Kubescape combines the image vulnerability information with the content of the Kubernetes manifest files to produce accurate results.
The feature is enabled by running Kubescape with an API token, generated as follows:
- Navigate to the Kubescape Cloud Platform
- Click Profile (top right icon) -> "User Management" -> "API Tokens" and generate a token
- Copy the clientID and secretKey and add them to the scanning command when running the Kubescape CLI, or to the install command when installing the Kubescape Helm chart

Note: Copy and save the ID and the secret, because they will not appear again.
Install the Kubescape Helm chart in the cluster (as described in the Kubescape Helm chart documentation). This is crucial: the Kubescape operator triggers the image vulnerability scanning, and without it Kubescape will not have any image vulnerabilities to test.

```
kubescape scan --submit --account=<account ID> --client-id=<generated client id> --secret-key=<generated secret key>
```
When installing the Helm chart (as described in the installation of the Kubescape Helm chart in a cluster), set the clientID and secretKey values.

```
helm upgrade --install kubescape kubescape/kubescape-cloud-operator -n kubescape --create-namespace \
  --set clusterName=`kubectl config current-context` \
  --set account=<account ID> \
  --set clientID=<generated client id> \
  --set secretKey=<generated secret key>
```
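The same Helm install with the `clusterName`, `account`, `clientID` and `secretKey` values supplied through a private values file instead of `--set`, so the secret key does not land in shell history or the process list. This is an added example, not part of the Kubescape documentation; the `KS_ACCOUNT`, `KS_CLIENT_ID` and `KS_SECRET_KEY` environment variable names and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pass the Kubescape API token to helm through a mode-0600
# values file. KS_ACCOUNT, KS_CLIENT_ID and KS_SECRET_KEY are hypothetical
# environment variable names chosen for this example.

# Emit a value as a single-quoted YAML scalar (embedded ' is doubled).
yaml_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write the chart values named on this page to a private temporary file and
# print its path. Fails without creating a file if a credential is missing.
write_ks_values() (
    cluster_name="$1"
    if [ -z "${KS_ACCOUNT:-}" ] || [ -z "${KS_CLIENT_ID:-}" ] || [ -z "${KS_SECRET_KEY:-}" ]; then
        echo "KS_ACCOUNT, KS_CLIENT_ID and KS_SECRET_KEY must all be set" >&2
        return 1
    fi
    umask 077
    values_file="$(mktemp "${TMPDIR:-/tmp}/ks-values.XXXXXX")" || return 1
    chmod 600 "$values_file"
    {
        printf 'clusterName: %s\n' "$(yaml_quote "$cluster_name")"
        printf 'account: %s\n' "$(yaml_quote "$KS_ACCOUNT")"
        printf 'clientID: %s\n' "$(yaml_quote "$KS_CLIENT_ID")"
        printf 'secretKey: %s\n' "$(yaml_quote "$KS_SECRET_KEY")"
    } > "$values_file"
    printf '%s\n' "$values_file"
)

# Install or upgrade the operator, then delete the values file either way.
install_kubescape_operator() (
    values_file="$(write_ks_values "$(kubectl config current-context)")" || return 1
    helm upgrade --install kubescape kubescape/kubescape-cloud-operator \
        -n kubescape --create-namespace -f "$values_file"
    status=$?
    rm -f "$values_file"
    return "$status"
)

# Run the install only when asked to: sh ks-install.sh install
if [ "${1:-}" = "install" ]; then
    install_kubescape_operator
fi
```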