
Remark wrt the claim: prod?

Open drwetter opened this issue 4 years ago • 1 comment

Hi Timo et al,

"Discover vulnerabilities and container image misconfiguration in production environments" -- I wouldn't scan in a production cluster. Not sure, but I guess this was not what you meant?

Cheers, Dirk

drwetter avatar Aug 26 '21 18:08 drwetter

Hi @drwetter,

sorry for the delay!

Production is what we mean. A setup can be to scan production and staging environments. From a security perspective I am interested in what is deployed into production, not what should be in production (but might not be). I see this as a main advantage over scanning in CI/CD.

In the cluster itself, we only install the ImageCollector which gathers the installed images (e.g. kubectl get pods). The scanning part can happen on another cluster.

Why do you not recommend scanning production?

wurstbrot avatar Oct 29 '21 08:10 wurstbrot
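The collector step described in the reply above (gather what is actually running in the cluster, hand the list to a scanner elsewhere), as an added example that is not the project's own code: it parses a constructed `kubectl get pods -A -o json` document and reports each deployed image by the digest the node actually pulled (`status.*.imageID`), falling back to the requested tag when a pod has no status yet. Registry names, pod names and digests are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `kubectl get pods -A -o json`, trimmed to the
# fields an image collector needs; it is not output from a real cluster.
SAMPLE_POD_LIST = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web-7d9f"},
     "spec": {"initContainers": [{"name": "migrate", "image": "registry.example/shop/migrate:1.4"}],
              "containers": [{"name": "web", "image": "registry.example/shop/web:1.4"}]},
     "status": {"initContainerStatuses": [{"name": "migrate",
                    "imageID": "registry.example/shop/migrate@sha256:" + "a" * 64}],
                "containerStatuses": [{"name": "web",
                    "imageID": "docker-pullable://registry.example/shop/web@sha256:" + "b" * 64}]}},
    # Same tag as above, but the node resolved it to a different digest.
    {"metadata": {"namespace": "shop", "name": "web-8c1a"},
     "spec": {"containers": [{"name": "web", "image": "registry.example/shop/web:1.4"}]},
     "status": {"containerStatuses": [{"name": "web",
                    "imageID": "registry.example/shop/web@sha256:" + "c" * 64}]}},
    # Pending pod: no container status yet, so only the requested tag is known.
    {"metadata": {"namespace": "batch", "name": "worker-0"},
     "spec": {"containers": [{"name": "worker", "image": "registry.example/batch/worker:2.0"}]},
     "status": {}},
]})

STATUS_KEY = {"initContainers": "initContainerStatuses", "containers": "containerStatuses"}


def resolve_image(requested, image_id):
    """Prefer the digest the node actually pulled over the tag that was requested."""
    if not image_id:
        return requested
    # Older dockershim runtimes prefix imageID with this scheme; drop it.
    prefix = "docker-pullable://"
    return image_id[len(prefix):] if image_id.startswith(prefix) else image_id


def collect_images(pod_list_json):
    """Map each deployed image reference to the sorted 'namespace/pod' list using it."""
    found = defaultdict(set)
    for pod in json.loads(pod_list_json)["items"]:
        pod_ref = f"{pod['metadata']['namespace']}/{pod['metadata']['name']}"
        spec, status = pod.get("spec", {}), pod.get("status", {})
        for kind, status_key in STATUS_KEY.items():
            image_ids = {s["name"]: s.get("imageID", "") for s in status.get(status_key, [])}
            for c in spec.get(kind, []):
                found[resolve_image(c["image"], image_ids.get(c["name"]))].add(pod_ref)
    return {image: sorted(pods) for image, pods in sorted(found.items())}


if __name__ == "__main__":
    for image, pods in collect_images(SAMPLE_POD_LIST).items():
        print(image, "<-", ", ".join(pods))
```

The two `web` pods share the tag `1.4` but run different digests, so a CI-side scan of the tag would miss one of them; that is the gap the reply's "what is deployed, not what should be deployed" argument is about.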