Only StackRox identifies misconfigurations across images, containers, clusters, Kubernetes, and network policies, preventing the accidental exposures that put your systems at risk.
Image configuration checks
Along with scanning images for vulnerabilities, it’s essential to also look for misconfigurations. The StackRox Kubernetes Security Platform assesses image configurations against industry best practices and CIS benchmarks to decrease your security risk before containers are deployed and running. Use StackRox to fail builds that violate best practices or your internal policies.
Container configuration controls
Identify and remediate misconfigurations such as inappropriate access to secrets, heightened privileges, and excessive network exposure. Beyond identifying these security risks, StackRox also pinpoints configurations that violate DevOps best practices, such as failing to set resource constraints.
Kubernetes configuration protections
A core value of our deep integrations with Kubernetes is the ability to identify misconfigurations in your Kubernetes setup. StackRox includes out-of-the-box policies that pinpoint mis-steps such as exposed dashboards or metadata that put your broader environment at risk. We also help ensure role-based access control (RBAC) permissions are set correctly.
Network policy configuration
The default setup in Kubernetes is to support open communications among all assets. The StackRox platform identifies which communication paths are not needed to support an application and generates updated policies that remove those permissions.
A big problem that StackRox solves for us is understanding how everything’s configured. Kubernetes is a beast, with lots of moving parts, and StackRox shows us where we need to tighten things up.