Securing Kubernetes With Anchore
Allow or prevent deployment of images based on flexible Anchore policies and see the inventory of insecure images running in your clusters
How Anchore Works With Kubernetes
Anchore can be integrated with your Kubernetes environment using one of two methods. Using an Admission Controller, Anchore ensures that only images that meet your organization’s policies can be deployed. Images that do not comply, or that fall out of compliance due to the discovery of new security vulnerabilities, can be blocked from running in your environment. Using Anchore’s Kubernetes Asset Inventory agent, a full list of active or recently active containers and their security status can be cataloged.
Start By Securing Your Pipeline
Anchore is deployed as part of the CI/CD pipeline to scan container images as they are built, validating them against user-defined policies. These policies can include checks on security vulnerabilities, package whitelists, blacklists, configuration file contents, presence of credentials, manifest changes, exposed ports or other user-defined checks. Once a repository is scanned, Anchore monitors it for updates and rescans as necessary.
Use Policies To Govern Deployment
Anchore can be integrated with Kubernetes using an admission controller to prevent insecure deployments or using a read-only agent to verify running instances. Anchore uses native Kubernetes APIs and does not require any configuration changes or privileged containers to be installed.
How To Get Started
Try our Anchore open source tools today or request a trial of Anchore Enterprise.