To enhance Kubernetes security, Octarine has released two new open-source security scanning tools.
The first tool is called Kubernetes Common Configuration Scoring System (KCCSS). It is said to be a new framework for rating security risks associated with misconfigurations. The second open-sourced tool, kube-scan, is a workload and assessment tool that scans Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications within minutes.
To give developers flexibility, Kubernetes puts more than 30 security settings under the control of development teams, who often have limited security expertise. This makes it easy for applications to inadvertently end up with misconfigurations and associated vulnerabilities, Octarine added.
KCCSS is said to be similar to the Common Vulnerability Scoring System (CVSS), but instead focuses on the configurations and security settings themselves. kube-scan is a free and open security assessment tool based on KCCSS that analyzes more than 30 security settings and configurations, along with Kubernetes policies, to establish a risk baseline.
Both tools leverage the CIS Compliance Benchmarks for Docker and Kubernetes 1.6 and 1.7. Octarine said that these tools will be maintained to support all future versions.
KCCSS and kube-scan are available now on GitHub.