Rapid7 is excited to announce the general availability of our Kubernetes integration in InsightVM, our vulnerability management tool. This represents a step forward in Rapid7’s ability to provide vulnerability and remediation management capabilities for container environments.

Kubernetes is the most popular container orchestration tool by a wide margin and is a powerful tool for scaling a container deployment up, and scaling it back down when capacity is no longer needed. This provides the ability to adapt an organization’s environment on demand and in an automated fashion. However, container images are built from software packages, and vulnerabilities present in those packages introduce risk into every container started from the image. Moreover, because a single container image may be instantiated multiple times, an organization’s attack surface grows with each instance.

Rapid7 provides the ability to assess risk in containers via our container registry scanning capabilities and our integration with popular Continuous Integration/Continuous Deployment (CI/CD) tools such as Jenkins. The general availability release of our Kubernetes integration builds on this and allows customers to quantify their exposure to the risks identified by our vulnerability assessments.

Deploying the Rapid7 Kubernetes Monitor

Integrating your Kubernetes environment with InsightVM can be accomplished by pulling the Rapid7 Kubernetes Monitor from DockerHub, deploying it to each cluster, and performing a few configuration steps. Once configured, data will appear in the Container Security section of InsightVM.

Viewing Kubernetes data

After the monitor is deployed and configured, users will see Kubernetes data in the following areas of the Container Security section of InsightVM:

Images Tab

Users are able to see and filter images identified on running hosts, both Kubernetes and Docker hosts. InsightVM also indicates the number of Kubernetes pods to which each container image has been deployed.

Image Details Page

Users are also able to focus on an individual image and gain a deeper understanding of its deployment in Kubernetes environments.

In the containers section of the Image Details page, users can see the namespaces and pod names in which the container image has been instantiated.

The namespaces section identifies the Kubernetes namespaces to which the container image has been deployed.

Kubernetes Containers tab

The Kubernetes Containers tab displays a complete list of all the containers identified via the Kubernetes Monitor, in the following columns:

  • Name: Displays the container name.
  • Risk Score: The Real Risk score for all of the vulnerabilities associated with the container image.
  • Vulnerability Instances: The total number of vulnerability instances associated with the container image.
  • Pod Name: The name of the Kubernetes pod to which the container image has been deployed.
  • Repository: This identifies the registry repository in which the container image was assessed. Deployed container images that have not been scanned in a registry show an empty value here, which is a quick way to identify container images that have not been assessed.
  • Age: This identifies the length of time for which the container has been active.
  • ID: This identifies the container image ID associated with the container. This is also a hyperlink that will direct users to an Image Details page.
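The Image Details page and the Kubernetes Containers tab above are both views over the same underlying facts: which image (by image ID) runs in which pod and namespace, how long it has been up, and whether its repository has ever been assessed. The following added example is not Rapid7's monitor code; it shows how those columns can be derived from the pod objects the Kubernetes API already exposes. It parses a constructed, trimmed pod list in the shape of `kubectl get pods -A -o json`, reads `status.containerStatuses[].imageID` for the image digest, and fills the Repository column only when the image's repository appears in a constructed set of already-assessed repositories, so that an empty Repository flags an unassessed image exactly as the tab does. The sample pods, image names, digests and the `ASSESSED_REPOSITORIES` set are all constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the shape of `kubectl get pods -A -o json`, trimmed to the
# fields this example reads. Not output from a real cluster.
SAMPLE_POD_LIST_JSON = json.dumps({
    "items": [
        {
            "metadata": {"name": "web-7d9f-abc12", "namespace": "web"},
            "spec": {"containers": [{"name": "nginx", "image": "registry.example.com/web/nginx:1.25"}]},
            "status": {
                "startTime": "2024-05-01T10:00:00Z",
                "containerStatuses": [{
                    "name": "nginx",
                    "image": "registry.example.com/web/nginx:1.25",
                    "imageID": "registry.example.com/web/nginx@sha256:" + "a" * 64,
                }],
            },
        },
        {
            "metadata": {"name": "web-7d9f-def34", "namespace": "web"},
            "spec": {"containers": [{"name": "nginx", "image": "registry.example.com/web/nginx:1.25"}]},
            "status": {
                "startTime": "2024-05-02T10:00:00Z",
                "containerStatuses": [{
                    "name": "nginx",
                    "image": "registry.example.com/web/nginx:1.25",
                    "imageID": "registry.example.com/web/nginx@sha256:" + "a" * 64,
                }],
            },
        },
        {
            "metadata": {"name": "batch-worker-xyz98", "namespace": "batch"},
            "spec": {"containers": [{"name": "worker", "image": "ghcr.example/tools/worker:2.0"}]},
            "status": {
                "startTime": "2024-05-03T09:00:00Z",
                "containerStatuses": [{
                    "name": "worker",
                    "image": "ghcr.example/tools/worker:2.0",
                    "imageID": "ghcr.example/tools/worker@sha256:" + "b" * 64,
                }],
            },
        },
    ]
})

# Constructed: repositories whose images have already been scanned in a registry.
ASSESSED_REPOSITORIES = {"registry.example.com/web/nginx"}

# Constructed reference time used for the Age column so the example is deterministic.
SAMPLE_NOW = datetime(2024, 5, 3, 10, 0, 0, tzinfo=timezone.utc)


def parse_image_ref(ref):
    """Split an image reference into (repository, tag_or_digest).

    Handles registry:port/repo:tag, repo@sha256:..., and bare names such as "nginx".
    The tag is only split off when the colon sits in the last path component, so a
    registry port is never mistaken for a tag.
    """
    name, _, digest = ref.partition("@")
    tag = ""
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    return name, digest or tag


def _age_seconds(start_time, now):
    """Seconds since the pod started; None when the pod has not started yet."""
    if not start_time:
        return None
    started = datetime.strptime(start_time, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int((now - started).total_seconds())


def list_containers(pod_list_json, assessed_repositories, now):
    """One row per running container, mirroring the per-container columns described above."""
    rows = []
    for pod in json.loads(pod_list_json)["items"]:
        meta, status = pod["metadata"], pod.get("status", {})
        for cs in status.get("containerStatuses", []):
            # imageID carries the content digest; fall back to the raw value if no '@'.
            image_id = cs["imageID"].partition("@")[2] or cs["imageID"]
            repository, _ = parse_image_ref(cs["image"])
            rows.append({
                "name": cs["name"],
                "namespace": meta["namespace"],
                "pod": meta["name"],
                "image": cs["image"],
                "image_id": image_id,
                # Empty when the repository was never assessed: the gap itself is the signal.
                "repository": repository if repository in assessed_repositories else "",
                "age_seconds": _age_seconds(status.get("startTime"), now),
            })
    return rows


def pods_per_image(rows):
    """image_id -> sorted (namespace, pod) pairs where that image is instantiated."""
    by_image = defaultdict(set)
    for r in rows:
        by_image[r["image_id"]].add((r["namespace"], r["pod"]))
    return {image_id: sorted(pods) for image_id, pods in by_image.items()}


def unassessed_images(rows):
    """Distinct image references running without any registry assessment."""
    return sorted({r["image"] for r in rows if not r["repository"]})


def demo():
    """Run the pipeline over the constructed sample and return all three views."""
    rows = list_containers(SAMPLE_POD_LIST_JSON, ASSESSED_REPOSITORIES, SAMPLE_NOW)
    return rows, pods_per_image(rows), unassessed_images(rows)


if __name__ == "__main__":
    rows, per_image, unassessed = demo()
    for r in rows:
        print(f'{r["namespace"]}/{r["pod"]} {r["name"]} repo={r["repository"] or "<unassessed>"} '
              f'age={r["age_seconds"]}s id={r["image_id"][:19]}...')
    for image_id, pods in per_image.items():
        print(f"{image_id[:19]}... runs in {len(pods)} pod(s): {pods}")
    print("unassessed images:", unassessed)
```

Grouping by the digest from `imageID` rather than by the `image` tag is deliberate: a mutable tag such as `:1.25` can point at different content over time, while the digest identifies exactly what is running, which is the unit a vulnerability assessment applies to.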

We think that this new feature will provide enormous benefits to customers who leverage Kubernetes.