Security Report

The sheer amount of Kubernetes configuration can make cluster security hard to get right. CAST AI Security Report is designed to address this problem.

The feature lets you scan your cluster for potential vulnerabilities and check it against industry best practices to find out how to secure it optimally.

Security Report is available to all users who have connected a cluster in the CAST AI console – you can find it in the main menu.

How it works

CAST AI Security Report uses cluster state data collected by the [read-only agent]. This is the same agent that connects your cluster to CAST AI, so no additional action is required to activate the report.

Once connected, the platform analyzes your cluster state data and provides you with insights organized into three main sections.

Information on image scanning

The report informs you about vulnerabilities detected in the operating system packages and libraries of the images running in Kubernetes clusters connected to CAST AI. As soon as the platform detects a private image in the cluster, it assesses that image for known vulnerabilities.

The information in the report comes from various vulnerability databases and security advisories. Scanning images at runtime catches issues that were missed by the security scan in the deployment environment.

What’s inside the Security Report

The report consists of three main parts: Overview, Best Practices, and Vulnerabilities – each providing you with distinct insights.

Overview

This part of the report gathers key security insights, allowing you to understand how the detected security issues have changed over time.

This part of the report displays two key sections:

Issues grouped by severity, from low to critical. This section shows the total number of checks that recently failed in the connected cluster.

Cluster resource checks summarize how many of your resources have issues and how many are issue-free. Resources are checked for misconfigurations (Best Practices) and potential vulnerabilities (Vulnerabilities).

Best Practices

This report helps you assess your cluster's security posture against industry and DevOps best practices. The platform's checks are based on the CIS Kubernetes Benchmark and on NSA, OWASP, and PCI recommendations for Kubernetes.

CAST AI uses a transparent scoring and prioritization system for these checks, so you can plan and spend effort where it is most needed.

The Best Practices report consists of two main sections:

Summary of best practice checks shows the number of failed checks in this category with their severity levels.

List of failed checks displays more in-depth information on each check, referring to the relevant standards and showing its severity and the number of affected resources. Clicking a failed check name opens a detailed issue description, including its severity level and score, category, and CVSS v3.1 vector.

CAST AI uses the CVSS v3.1 standard to derive each issue's severity score and, from that score, its severity level.

Once you open the sidebar panel with more detailed information, you can also check other resources impacted by the same issue.

Vulnerabilities

This part of the Security Report displays information about the security of container images and operating systems. In addition, it lists all potential vulnerabilities in one place.

The Vulnerabilities Report contains two main sections:

Total count of vulnerabilities in your cluster with their severity levels.

List of vulnerable objects with more information on their type, affected resources, and severity levels. By clicking on an object name on the list, you can get more details on its vulnerabilities and affected resources.

The Vulnerabilities section lists the relevant Common Vulnerabilities and Exposures (CVE) entries. You can learn more about each CVE by clicking its name, which opens a new browser tab with the relevant information.

The Affected resources section lists the Kubernetes resources related to the object identified as vulnerable.