RBAC management is crucial to securing a Kubernetes cluster and ensuring compliance with regulations and industry standards. ARMO Platform includes an RBAC visualizer allowing administrators to see which privileges are assigned to any given user. Role-based access control—commonly known as RBAC—is the practice of assigning access to an organization’s resources whereby the level of access privilege depends upon an individual’s role in the organization.

Container adoption in enterprises continues to grow, and Kubernetes has become the de facto standard for deploying and operating containerized applications. At the same time, security is shifting left and should be addressed earlier in the software development lifecycle (SDLC). Security has morphed from being a static gateway at the end of the development process to something that (ideally) is embedded every step of the way. This can potentially increase the effort for engineering and DevOps teams.

We are happy to announce that ARMO Platform users can now utilize ChatGPT to quickly and easily create custom controls. ARMO is the first Kubernetes security company to offer this kind of integration. Read all about it 👇

In this article, we examine the impact of a shared responsibility model on end-user security administration in managed Kubernetes environments. We also explore typical difficulties and effective methods for securing these environments.

The popular open-source platform Kubescape by ARMO has been recently announced as a fully managed operator called a Charm for Canonical’s Charmed Kubernetes distribution. This collaboration between Canonical and ARMO is exciting for the solution it enables for end users, ultimately resulting in hardened and more secure Kubernetes environments.

Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.

Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container image signature verification mechanism. The vulnerability enables an attacker who is either running a malicious container image registry or is able to act as a proxy between the registry and Kyverno, to inject unsigned images into the protected cluster, bypassing the image verification policy. The vulnerability was introduced in version 1.8.3 and was fixed in version 1.8.5.

We are happy to announce that Kubescape now integrates with GitHub Actions. This allows users to identify issues as early and as clearly as possible, without ever leaving GitHub. Read all about it 👇

This article focuses on a critical missing component of Cloud Security Posture Management (CSPM): visibility into Kubernetes. Scroll down to read all you need to know about it.

A detailed overview of the Remote Code Execution (RCE) attacks, how it affects the Kubernetes infrastructure, and how the vulnerabilities of the K8 systems can be mitigated. Remote Code Execution (RCE) is a vulnerability in systems that cybercriminals can exploit to perform attacks. In RCE attacks, hackers execute malicious code in target systems remotely, irrespective of their location on the network. That’s because they don’t need the target systems to have the execution functionality.