...
The Kubernetes Solution
The WhiteSource Mend Kubernetes scanner is a designated pod inside your Kubernetes cluster. When installed, it scans the entire cluster as a baseline for future changes and shows the full picture of libraries, images, alert, vulnerabilities, and licenses in your WhiteSource Mend portal. This pod then tracks changes in the cluster (for example, a new deployment or image modification), scans the container images and reports cluster security-related information, such as vulnerabilities per pod.
...
Coverage: With support for more than 200 coding language and over 12 databases on vulnerabilities, WhiteSource Mend for Containers is the best solution in terms of coverage.
Holistic View: Getting a precise and updated view of your lifecycle, at any time during the deployment. From development to building to image, and real-time production monitoring.
Enforcement: Decide when and how to enforce your rules and policies. Get immediate alerts as well as fail builds or prevent production traffic from getting to vulnerable pods.
Management: Receive automated alerts, define your workflow and get designated dashboards to make sure you have the full picture at anytime.
Integration into Your Existing Lifecycle
WhiteSource Mend for Containers integrates with more than 15 different tools: CI/CD, build tools, image registries, and container management platforms.
...
A: Being a security company, we make sure to address the security aspects across our entire ecosystem. WKM (WhiteSource Mend Kubernetes Manager) is installed inside the customer’s cluster, thus making sure not to perform API calls from outside the cluster. In addition, it’s important to mention that no source code is scanned. Only descriptive information is sent to WhiteSourceMend.