Best Practice

Make sure your cluster configuration follows industry-standard best practices.

The Best Practice report on the CAST AI platform allows you to evaluate your cluster's security posture against industry and DevOps best practices. These checks are designed to ensure that all your resources comply with the security and operational standards set for Kubernetes, as defined by CAST AI or by the CIS Kubernetes Benchmark.

CAST AI employs a transparent system that scores and prioritizes issues, allowing you to allocate resources where needed and simplifying communication with the security team. To determine the issue's severity score and level, CAST AI uses the CVSS v3.1 standard.

What's inside

The Best Practice report can be accessed from the top left corner of the page: Org security > Best Practice.

Note

Enabling CAST AI Security is required to receive a full assessment of your cluster, since only a limited number of best practices are provided by default. Please refer to the Getting Started section.

Report

The Best Practice report provides a list of findings related to best practice violations. For each check it shows the relevant standards, the severity of the issue, and the number of affected resources and clusters. The severity level of each check is identified using the CVSS scoring system.

To limit the view to the resource you want to see, you can use a filter located above the list. This filter can be applied based on the resource location, such as cluster or namespace, or by resource labels.

By clicking on a failed check name, you can get a detailed description of the problem and learn how to address it. The view will contain various information related to the check, such as its description, severity, remediation procedure, the number of affected resources, configurations associated with the check, and other relevant details.

Exceptions

The Best Practice exceptions feature allows you to exclude from reporting those resources that do not comply with a best practice but whose risk you are willing to accept. The exception removes the resource from the report; it does not remediate the finding.

To exclude specific resources, follow the steps below:

  1. Click on the check that you are interested in.
  2. Click on the Exceptions button located in the top left corner of the drawer. A new drawer will appear, displaying settings on the right that allow you to exclude the check from specific clusters based on a defined condition. If you only want to exclude a single resource, select the location of the resource, its name, and, optionally, its kind. You can create as many exception rules as you need.
  3. Once you have created the exception rules, review the impacted resources in the table under "Summary of resources that will be excepted".
  4. If you are satisfied with the result, push the Apply button.

You can now review the excluded resources by selecting the Excluded value in the Resources filter on the Affected resources tab.

To remove exclusions, follow the steps below:

  1. Click on the check that you are interested in.
  2. Click on the Exceptions button located on the top left corner of the drawer. A new drawer will appear, displaying exception rules applied to the check.
  3. Modify or remove the rules as you need.
  4. Once you have modified the exception rules, review them in the table under "Summary of resources that will be excepted".
  5. If you are satisfied with the result, push the Apply button.