Configuration of Image Vulnerabilities Integration

Image vulnerability related controls

Application vulnerabilities are an essential part of the Kubernetes security posture. Kubescape offers controls that check the relation between the Kubernetes manifest and image vulnerabilities.

When this feature is enabled, Kubescape will combine the image vulnerability information with the content in the Kubernetes manifest files for accurate results.

The feature is enabled by running Kubescape with an API token.

Generate an API-token

  1. Navigate to armosec.io
  2. Click Profile (top right icon) -> "User Management" -> "API Tokens" and generate a token
  3. Copy the clientID and secretKey and add them to the scanning command when running the Kubescape CLI, or set them when installing the Kubescape Helm chart

Note: Copy and save the ID and secret, because they will not appear again.

Add authentication keys to Kubescape CLI

Prerequisites

Install the Kubescape Helm chart in the cluster (as described in the kubescape helm chart). This is crucial: image vulnerability scanning is triggered by the Kubescape Helm chart, and without it Kubescape will not have any image vulnerabilities to test.

Trigger Kubescape scan

kubescape scan --submit --account=<account ID> --client-id=<generated client id> --secret-key=<generated secret key> 

Add authentication keys to Kubescape Helm installation

When installing the helm chart (as described in the installation of kubescape helm chart in a cluster), set the clientID and secretKey values.

helm upgrade --install armo armo/armo-cluster-components -n armo-system --create-namespace --set clusterName=`kubectl config current-context` --set accountGuid=<account ID> --set clientID=<generated client id> --set secretKey=<generated secret key>
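
Added example, not part of the original Kubescape documentation: the same Helm installation with the chart values supplied through a private values file instead of --set, so the secret key does not end up in shell history or the process list. The environment variable names ARMO_ACCOUNT_ID, ARMO_CLIENT_ID and ARMO_SECRET_KEY and the function names are assumptions made for this sketch; the value keys are the ones used in the command above.

```shell
#!/bin/sh
# Added example. ARMO_ACCOUNT_ID, ARMO_CLIENT_ID and ARMO_SECRET_KEY are
# hypothetical variable names, not names defined by Kubescape or the chart.

# Quote a string as a YAML single-quoted scalar (' becomes '').
yaml_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write the chart values for cluster "$1" to a temp file and print its path.
# mktemp creates the file readable and writable by the owner only.
write_armo_values() {
    for name in ARMO_ACCOUNT_ID ARMO_CLIENT_ID ARMO_SECRET_KEY; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing environment variable: $name" >&2
            return 1
        fi
    done
    values_file=$(mktemp "${TMPDIR:-/tmp}/armo-values.XXXXXX") || return 1
    {
        printf 'clusterName: %s\n' "$(yaml_quote "$1")"
        printf 'accountGuid: %s\n' "$(yaml_quote "$ARMO_ACCOUNT_ID")"
        printf 'clientID: %s\n' "$(yaml_quote "$ARMO_CLIENT_ID")"
        printf 'secretKey: %s\n' "$(yaml_quote "$ARMO_SECRET_KEY")"
    } > "$values_file"
    printf '%s\n' "$values_file"
}

# Install the chart from the values file, then delete the file.
install_with_values_file() {
    cluster=$(kubectl config current-context) || return 1
    file=$(write_armo_values "$cluster") || return 1
    helm upgrade --install armo armo/armo-cluster-components \
        -n armo-system --create-namespace -f "$file"
    status=$?
    rm -f "$file"
    return "$status"
}

# The installation runs only when the script is called with "install".
if [ "${1:-}" = "install" ]; then
    install_with_values_file
fi
```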
