Image Assurance

The goal of CloudGuard image assurance for Kubernetes is to analyze Kubernetes images and detect vulnerabilities, exploits, malware, viruses, Trojans, credential leakage, and other threats.

The agents continuously scan all deployed images at runtime to ensure that your production environments are not compromised.

Instructions

Step

Instructions

1

Before running this lab, unassociate all policies from your cluster.

2

  1. Navigate to Workload Protection > Vulnerabilities > Rulesets.

  2. Click the Container Image Assurance ruleset.

3

Click “Add Policy” in the top-right corner and select Environment Policy.

4

Select Logic-Default-Console-Notification and click Save.

5

Create a new deployment:

We will deploy a vulnerable container on the Kubernetes Server.

Execute the following command in the SSH window on the Kubernetes Server VM:

kubectl create deployment log4jdemo --image=ghcr.io/christophetd/log4shell-vulnerable-app:latest

6

Navigate to Assets > Protected Assets.

Filter for your environment and Asset Type: Kubernetes Image.

7

Click on the Kubernetes Image ghcr.io/christophetd/log4shell-vulnerable-app:latest.

Click on the Posture Findings tab and add the category filter: ImageScan.

Note - It can take several minutes for the image to appear and be scanned.

8

Navigate to Workload Protection > Dashboard.

There you will see relevant data about discovered vulnerabilities and critical alerts.

9

  1. Navigate to the Rulesets section in the CSPM tab.

  2. Filter for Platform: Kubernetes and search for CIS Kubernetes Benchmark.

  3. Run the latest available CIS Kubernetes Benchmark ruleset assessment against your cluster.

10

Explore the Assessment Results to learn more.
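
While waiting in steps 6 and 7 for the image to appear, you can list which image references the cluster is actually running and which digest each one resolved to, so the Kubernetes Image asset can be matched against what was deployed in step 5. The script below is an added example, not part of the original lab or of CloudGuard; it reads the output of kubectl get pods -A -o json, and the sample pod names, container names and digest in it are constructed placeholders.

```python
import json
import sys

IMG = "ghcr.io/christophetd/log4shell-vulnerable-app"

# Constructed sample of `kubectl get pods -A -o json`, trimmed to the fields
# used below. Pod names, container names and the digest are placeholders.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "log4jdemo-EXAMPLE"},
     "spec": {"containers": [{"name": "app", "image": IMG + ":latest"}]},
     "status": {"containerStatuses": [
         {"name": "app", "imageID": IMG + "@sha256:PLACEHOLDER"}]}},
    {"metadata": {"namespace": "default", "name": "pending-EXAMPLE"},
     "spec": {"containers": [{"name": "web", "image": "example.invalid/web:1.0"}]},
     "status": {}},  # pod not started yet: no containerStatuses
]}


def images_in_use(pod_list):
    """Map each image reference to the pods using it and the digests pulled."""
    inventory = {}
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        pod_ref = f"{meta.get('namespace', '')}/{meta.get('name', '')}"
        statuses = {s.get("name"): s
                    for s in pod.get("status", {}).get("containerStatuses") or []}
        for c in pod.get("spec", {}).get("containers", []):
            entry = inventory.setdefault(c["image"], {"pods": set(), "digests": set()})
            entry["pods"].add(pod_ref)
            # imageID is "<repo>@sha256:..." (some runtimes add a scheme prefix)
            image_id = statuses.get(c["name"], {}).get("imageID", "")
            if "@" in image_id:
                entry["digests"].add(image_id.split("@", 1)[1])
    return inventory


def not_yet_pulled(inventory):
    """Image references for which no container reports a digest yet."""
    return sorted(img for img, e in inventory.items() if not e["digests"])


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 image_inventory.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    inv = images_in_use(data)
    for image, e in sorted(inv.items()):
        print(image, sorted(e["digests"]) or "(no digest yet)", sorted(e["pods"]))
```

A :latest reference with no digest in the output means the node has not finished pulling the image.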