Kubernetes Security Scanning: The 4 Tools You Actually Need
• 18 min watch
When it comes to Kubernetes tooling, the landscape is noisy and doesn't always have your back. Finding the right tools can be ... somewhat painful.
In this video, we cut through the noise and set up a standardised stack for day two security operations. These tools are the industry standard to secure the platform and the workloads running on top of it.
The Security Stack Covered:
- kube-bench (Aqua Security): Checks your cluster against the CIS benchmarks, the global rulebook for hardening Kubernetes.
- kube-hunter: Acts as a "red team", actively probing your cluster for open ports and backdoors.
- Sonobuoy: The official CNCF conformance tool to ensure your API behaves correctly and guarantees interoperability.
- Syft & Grype (Anchore): Generate an SBOM and scan your container images for vulnerabilities (CVEs) like Log4j.
Finally, I'll show you how to automate this entire stack using Spectro Cloud Palette to turn these scans into a simple toggle box operation.
Links:
- Spectro Cloud: https://www.spectrocloud.com/