Kubernetes and container security can be hard. We hear you. That's why #GKE now provides built-in workload security posture management in public preview. cloud.google.com/blog/products/…
🧵Let's dive in!
Once enabled for your clusters, GKE security posture scans your workloads on two dimensions:
- Misconfigurations (comparing against CNCF pod spec security standards)
- OS level CVE vulnerabilities
These are surfaced in a snazzy dashboard with opinionated severity ratings.
Drill down and slice and dice to find the concerns that matter most.
GKE provides actionable advice on vulnerabilities...
... and configuration issues (comparing against the CNCF pod spec security standards):
Most importantly, GKE ties that advice to your running workloads. So there is no doubt about where these issues are lurking.
And for those of us that don't live in dashboards, concerns are logged in Cloud Logging. Use "sinks" to create pub/sub events for aggregation in SIEMs, ticketing systems, etc.
Other than logging, all of this comes with GKE (Autopilot and Standard modes) at no extra charge!