ARMO adds CIS benchmark to Kubescape to help users scan Kubernetes and CI/CD pipelines
One of the Center for Internet Security’s industry-standard benchmarks, the CIS Kubernetes benchmark is one of the most comprehensive security frameworks for Kubernetes, distilling best practices and standards into a rigorous set of checklists. With the new addition to Kubescape, users can now scan their Kubernetes clusters against the CIS Kubernetes framework.
The CIS Kubernetes benchmark is supported by Kubescape alongside other security frameworks including NSA-CISA and MITRE ATT&CK. Users can use all frameworks, choose just their preferred framework, or build their own customized framework, choosing which controls to include or exclude from the scans.
Kubescape shows which CIS controls a Kubernetes infrastructure passes, which tests fail and precisely what caused the failure. Exposing the root causes of security benchmark failures, Kubescape’s assisted remediation also suggests how to fix the problems and harden Kubernetes so that the tests will pass at the next scan.
Kubescape calculates risk scores based on the CIS Kubernetes framework and tracks them over time to show how organizations are improving their security posture or drifting from standards. It can also generate reports based on the CIS framework for management, audits and compliance certification such as SOC 2, PCI, NIST, HIPAA, and others. Kubescape is the only open source solution that automates the entire process from scanning to remediation through to reporting.
Because Kubescape runs automatically throughout the CI/CD pipeline, scanning against the CIS Kubernetes benchmark and other frameworks takes place across the software development lifecycle, from the moment the first YAML line is written, committed to a repository, and all the way through to production.
“The CIS Kubernetes benchmark is the leading framework used for compliance purposes,” said Shauli Rozen, CEO & co-founder of ARMO. “I am thrilled that now Kubescape makes it easier than ever to scan Kubernetes and CI/CD pipelines using the CIS baseline, and to get clear, transparent guidance on how to fix failed controls and reach compliance. We heard from the Kubescape community that CIS benchmark support was a much-demanded requirement, and see incorporating it as another step in Kubescape’s journey to become a complete end-to-end open source Kubernetes security solution.”