Image vulnerabilities integration

Application vulnerabilities are an essential part of Kubernetes security posture. Kubescape offers controls that check the relation between the Kubernetes manifest and image vulnerabilities.

When this feature is enabled, Kubescape combines the image vulnerability information with the content in the Kubernetes manifest files for more accurate results.

The feature is enabled by running Kubescape with an API token.

Generate an API token

  1. Navigate to the Kubescape Cloud Platform
  2. Click Profile (top right icon) > User Management > API Tokens and generate a token
  3. Copy the clientID and secretKey, and then add them to the scanning command when running the Kubescape CLI or when installing the Kubescape Helm chart

Note: Copy and save the ID and secret because they will not appear again.

Add authentication keys to Kubescape CLI

Prerequisites

Install the Kubescape Helm chart in the cluster (as described in the kubescape helm chart). This is crucial because the Kubescape operator triggers the image vulnerability scanning; without it, Kubescape does not have any image vulnerabilities to test.

Trigger Kubescape scan

kubescape scan --submit --account=<account ID> --client-id=<generated client id> --secret-key=<generated secret key> 

Add authentication keys to your Kubescape installation

When installing the Helm chart, set the clientID and secretKey values.

helm upgrade --install kubescape kubescape/kubescape-cloud-operator -n kubescape --create-namespace --set clusterName="$(kubectl config current-context)" --set account=<account ID> --set clientID=<generated client id> --set secretKey=<generated secret key>
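
Values passed with --set or --secret-key end up in shell history and in the process list. The following is an added example, not part of the Kubescape documentation: it writes the same four chart values to an owner-only values file and passes that file to helm with -f. The KS_* environment variable names and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumed (hypothetical) environment variables:
#   KS_CLUSTER_NAME, KS_ACCOUNT, KS_CLIENT_ID, KS_SECRET_KEY
# They carry the values the page passes with --set.

# write_kubescape_values <path>
# Writes the four chart values to <path> with mode 0600.
# Fails if a value is empty or contains a character that would
# need YAML escaping, so the generated file is never malformed.
write_kubescape_values() {
  out=$1
  for name in KS_CLUSTER_NAME KS_ACCOUNT KS_CLIENT_ID KS_SECRET_KEY; do
    eval "val=\${$name:-}"
    case $val in
      '') echo "missing $name" >&2; return 1 ;;
      *[!A-Za-z0-9._:@/-]*) echo "unexpected character in $name" >&2; return 1 ;;
    esac
  done
  # Remove any existing file first: umask only applies on creation.
  rm -f -- "$out"
  ( umask 077
    printf 'clusterName: "%s"\naccount: "%s"\nclientID: "%s"\nsecretKey: "%s"\n' \
      "$KS_CLUSTER_NAME" "$KS_ACCOUNT" "$KS_CLIENT_ID" "$KS_SECRET_KEY" >"$out" )
}

# install_kubescape_operator
# Same chart, release name and namespace as the command on this page,
# with the credentials supplied through a temporary values file.
install_kubescape_operator() {
  values=$(mktemp) || return 1
  rc=0
  if write_kubescape_values "$values"; then
    helm upgrade --install kubescape kubescape/kubescape-cloud-operator \
      -n kubescape --create-namespace -f "$values" || rc=$?
  else
    rc=1
  fi
  rm -f -- "$values"   # do not leave the secret on disk
  return $rc
}

# Usage, once the KS_* variables are set by your secret store:
#   install_kubescape_operator
```
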