Armo's Kubernetes security platform Kubescape becomes a CNCF sandbox project

CLOUD

Cybersecurity startup Armo Ltd. announced today that its open-source security software platform Kubescape has been accepted by the Cloud Native Computing Foundation as its latest sandbox project.

The company also announced the official launch of the Armo Platform, which is an enterprise-grade version of Kubescape with premium features not available in the open-source version.

The CNCF’s backing is a big validation of the Kubescape platform, which helps protect Kubernetes environments from multiple kinds of cyberattacks. Kubernetes is an open-source container orchestration platform that’s used to manage the components of modern applications. The software is widely used by enterprises, which is why Armo says it’s in desperate need of a security boost.

Kubescape provides that, offering the first open-source security platform for Kubernetes environments that works by scanning configuration files such as YAML and Helm, as well as clusters and worker nodes, for misconfigurations and known vulnerabilities listed on the MITRE ATT&CK and other databases.

After scanning a Kubernetes environment, Kubescape calculates a risk score and provides suggestions to users on any fixes that need to be made. In addition, the platform comes with a module for overseeing role-based access controls that visualizes the connection of roles and privileges in different parts of a Kubernetes cluster. It illustrates how these connections can fail and leave security holes, and shows how they can be fixed.

Armo says the biggest benefit of Kubescape is that it’s fully open-source. That’s important, because the most popular Kubernetes security tools in use today are proprietary, closed-source platforms that are expensive for many organizations.

With today’s move, the responsibility for Kubescape’s development has now been handed off to the CNCF, which will henceforth govern the project. Armo says it will still continue to work on Kubescape as its lead developer.

“Armo is a company committed to open source and dedicated to Kubernetes,” said Armo Vice President of Open Source Craig Box. “Bringing Kubescape to the CNCF was an obvious choice. Kubescape helps tens of thousands of users secure their Kubernetes clusters and CI/CD pipelines. As the first security scanner to become a CNCF project, we will strive to support and integrate with other CNCF projects, and look forward to building a wide contributor community.”

Although it’s committed to open source, Armo still needs to make money, and to do that it has announced the launch of its Armo Platform, which brings additional features to Kubescape, including full enterprise-grade support and maintenance. The most significant difference between the two offerings is that the Armo Platform comes with a more fully-featured user interface and DevSecOps dashboard.

It also offers pre-integrations with third-party DevOps tools and collaboration services such as Jira and Slack. In addition, Armo Platform can be deployed more easily on any Kubernetes platform, including cloud variants such as Amazon Web Services Inc.’s Elastic Kubernetes Service, Microsoft Corp.’s Azure Kubernetes Service, Google Cloud’s Kubernetes Engine and Red Hat Inc.’s OpenShift platform.

The company reckons that customers are willing to pay for these extra features, counting more than 6,000 users of Armo Platform while in beta.

“Armo remains dedicated to making Kubescape the best open source Kubernetes security platform, and Armo Platform the best enterprise version for Kubescape,” said co-founder and Chief Executive Shauli Rozen.

Image: Armo