StackRox integrates with Google Artifact Registry to secure software supply chains on GCP

As the creator of the Borg project – the predecessor to Kubernetes – Google Cloud is at the forefront of enabling the move towards microservices architectures, containerization, and Kubernetes. As the only Kubernetes-native container security solution provider, StackRox is a leader in Kubernetes Security and has partnered with Google Cloud on several fronts to help joint customers secure their cloud-native stack and address their share of the security responsibility.

Customers leverage our deep integration with Google Cloud services such as Google Kubernetes Engine (GKE), Anthos, Container-Optimized OS, Cloud Security Command Center, Google Container Registry, and Google Container Analysis, to protect their cloud-native applications. The StackRox Kubernetes Security Platform automates DevSecOps, shifts security left, and addresses several key security use cases spanning the entire container life cycle, including:

- Vulnerability management - detects and mitigates the threat from high-risk vulnerabilities, leveraging integration with CI/CD tooling, existing image scanners (or using StackRox scanner), and image registries, while monitoring running deployments for newly discovered vulns

- Configuration management - provides developers with automated checks that act as guardrails to ensure that the infrastructure and workloads are configured securely and ready for production

- Compliance - automates compliance and audit reporting with standard-specific checks for CIS Benchmarks, NIST, PCI, and HIPAA

- Runtime detection and response - continuously monitors runtime behavior to detect anomalous activity, including malicious process executions, network connections and flows, and privilege escalation, with automated response ranging from alerting to killing and restarting impacted Kubernetes pods or containers

This post takes a closer look at our integration with Google Cloud’s Artifact Registry, now generally available.

Google Cloud’s Artifact Registry alleviates the pain associated with managing the artifacts that make up your cloud-native applications, including your container images.

“We’re excited to launch the general availability of Artifact Registry created to help DevOps and IT teams deploy software, faster and safer,” said Juan Sebastian Oviedo, Product Manager at Google Cloud. “Solutions from our partners can help extend these capabilities, including StackRox’s container security platform which can protect cloud-native applications across the entire software life cycle.”

StackRox integrates with your CI/CD tooling – including Google Cloud’s own Cloud Build – and Artifact Registry to ensure that you are scanning your images for common vulnerabilities at build time, including language-level and OS-level vulnerabilities. Our deep integration with Kubernetes allows us to enforce vulnerability policies at deploy time using Kubernetes admission controls.

In addition, StackRox combines CVE data derived from image introspection with other risk factors, such as deployment misconfigurations – including exposed secrets or insecure network policies, runtime anomalies, and other contextual information – to identify the top issues that need immediate attention.

What differentiates StackRox is our Kubernetes-native approach to securing containerized applications, which leverages the rich context, declarative data, and robust controls built into Kubernetes to:

  • Discover, analyze, and monitor data directly from Kubernetes clusters

  • Enforce security policy natively through the Kubernetes API using admission control, deployment scaling, and the pod lifecycle

  • Manage and enforce network segmentation natively with Kubernetes network policies

Effectively securing containers means your security solution must fit into the DevOps workflows and tooling. StackRox’s integration with Google Cloud’s Artifact Registry ensures that security is built into the workflows developers are familiar with. We’d love to show you the StackRox platform in action – in Google Cloud or any other Kubernetes deployment – sign up for your personal demo here.