News

New No-Cost Tool for Devs To Secure Kubernetes Deployments

• By John K. Waters
• May 18, 2020

DevSecOps solutions provider Alcide has released a beta version of a new solution designed to provide "end-to-end continuous security guardrails" for Kubernetes deployments.

Called sKan, it's an open and free command-line tool that puts many of the capabilities of the Alcide Kubernetes Advisor vulnerability scanner into the hands of developers, DevOps teams, and Kubernetes application builders.

"We keep hearing from our customers that they want to bring Kubernetes security insights to developers early on," Gadi Naor, Alcide's CTO and co-founder, told ADTmag. "sKan stretches our main security platform into the comfort zone of the developers who are building applications running on Kubernetes in the most automated and seamless manner, without interrupting their development workflow."

The Tel Aviv-based company's Alcide Kubernetes Advisor is a Kubernetes multi-cluster vulnerability scanner designed to "covers rich Kubernetes and Istio security best practices and compliance checks. sKan, which is powered by the tech behind the Advisor, plus the Open Policy Agent (OPA) policy engine, is a "software translation" of DevSecOps culture and shifting security left into the hands of developers building Kubernetes-based apps, Naor explained. It helps to fill "the Kubernetes security skills gap" engineering teams often experienced by providing developers and DevOps teams with a tool designed to provide immediate feedback on security issues, risk, hardening, and best practices of Kubernetes deliverables, before committing to a single line of code or deploying, he said.

sKan was designed to allow developers to scan Kubernetes configuration files such as .yaml files, published Helm charts, or Kustomize command line tools as part of their CI pipeline. "While scanning source code for security vulnerabilities is a common practice," the company said, "possible configuration errors in Kubernetes environments are often overlooked and vulnerabilities therefore are often unknowingly introduced into production." Alcide's sKan effectively serves as a checkpoint in the development workflow.

sKan is open and free, and Naor says his company plans to keep it that way, with a possible paid-support version available in the future.

More information is available on the company's Web site.