Overview

Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

...

The Kubernetes Solution

The Mend Kubernetes scanner is a designated pod inside your Kubernetes cluster. When installed, it scans the entire cluster as a baseline for future changes and shows the full picture of libraries, images, alert, vulnerabilities, and licenses in your Mend portal. This pod then tracks changes in the cluster (for example, a new deployment or image modification), scans the container images and reports cluster security-related information, such as vulnerabilities per pod.

Kubernetes - Different from Other Market Solutions

• Coverage: With support for more than 200 coding language and over 12 databases on vulnerabilities, Mend for Containers is the best solution in terms of coverage.

• Holistic View: Getting a precise and updated view of your lifecycle, at any time during the deployment. From development to building to image, and real-time production monitoring.

• Enforcement: Decide when and how to enforce your rules and policies. Get immediate alerts as well as fail builds or prevent production traffic from getting to vulnerable pods.

• Management: Receive automated alerts, define your workflow and get designated dashboards to make sure you have the full picture at anytime.  

Integration into Your Existing Lifecycle

Mend for Containers integrates with more than 15 different tools: CI/CD, build tools, image registries, and container management platforms.

Sharing the Information with Team Members

A: Of course. One of the most important aspects is the communication and seamless workflow between team members. The information will be shared with team members according to the configuration and permissions.

A Secure Solution

A: Being a security company, we make sure to address the security aspects across our entire ecosystem. WKM (Mend Kubernetes Manager) is installed inside the customer’s cluster, thus making sure not to perform API calls from outside the cluster. In addition, it’s important to mention that no source code is scanned. Only descriptive information is sent to Mend.This page is available at: https://docs.mend.io/bundle/integrations/page/kubernetes.html