Vulnerabilities Detection Tools with Secure DevOps-Part 2

Udara Vimukthi
3 min read · Oct 30, 2020

This article covers vulnerability detection tools for secure DevOps. Part 1 discussed image scanning tools; Part 2 discusses runtime security scanning tools for secure DevOps.

There are many runtime scanning tools that help detect application vulnerabilities in DevOps. Some of them are Sysdig, Sysdig Inspect, Falco, Kube-bench, Kube-hunter & Prometheus.

1. Sysdig

  • Kubernetes Policy Advisor: the first runtime prevention tool
  • Maximize performance & availability
  • Embedded security and validation
  • Get results quickly
  • The standalone application is available for Linux distributions; it is also available for Windows & Mac with more limited functionality.
  • Open-source system to monitor, capture, and analyze applications through the system calls and the information passing through the kernel.

2. Sysdig Inspect

  • System call visualization with easy drill-downs
  • Simplified troubleshooting, activity correlation & container visibility
  • Easily drill into views for process, file system & network activity.
  • Supports both performance & security investigation; a Windows installer is available.
  • A powerful open-source interface for container troubleshooting and security investigation.
  • Provides a clear UI that is easy to walk through, so the needed information can be gathered quickly.
  • Sysdig Inspect is available as desktop software to download, or it can be used from the browser.
  • Sysdig Inspect lets us switch back to sysdig mode and look at every system call.
  • Mainly good at troubleshooting, performance analysis, and forensics.

3. Falco

  • Falco is a runtime security tool that is compatible with Kubernetes.
  • It was originally introduced by Sysdig, but it is now maintained independently by the Falco community.
  • Falco can be applied to a Kubernetes cluster by running the Falco container inside the cluster; Falco communicates with the Kubernetes API server, and as Falco users we can set up custom rules in addition to the prepackaged ones.
  • Falco lets us continuously monitor and detect container, application, host, and network activity.
  • What Falco basically does is detect and alert on any behavior that involves making Linux system calls.
  • Falco can be obtained either as a download for Linux or as container images.
  • Strengthen container security & reduce risk via immediate alerts
  • Leverage the most current detection rules & easily detect incidents
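The bullets above mention that Falco users can add custom rules on top of the prepackaged ones and that Falco alerts on behavior expressed as Linux system calls. The rules file below is an added example written for this article; it is not part of Falco's default rule set and not the author's own code. All list, macro and rule names are prefixed `constructed_` to mark them as assumptions, and the file is assumed to be loaded either with `falco -r <file>` or by placing its contents in `/etc/falco/falco_rules.local.yaml`, which the default Falco configuration loads after the bundled rules.

```yaml
# Added example rules file for Falco (not part of Falco's default rules).
# A Falco rules file is a YAML list of three kinds of items:
#   - list:  a named set of values, referenced as "in (name)"
#   - macro: a named condition fragment, reusable across rules
#   - rule:  condition + output template + priority

# Constructed list of interactive shell binaries we care about.
- list: constructed_shell_binaries
  items: [bash, sh, zsh, dash, ash]

# A process is "spawned" when an exec* syscall returns (evt.dir = <).
- macro: constructed_spawned_process
  condition: evt.type in (execve, execveat) and evt.dir = <

# Events that occur inside a container rather than on the host.
- macro: constructed_in_container
  condition: container.id != host

# A file opened for writing; fd.typechar = 'f' restricts to regular files.
- macro: constructed_open_write
  condition: >
    evt.type in (open, openat, creat) and evt.dir = <
    and evt.is_open_write = true and fd.typechar = 'f'

# Rule 1: process-level behavior. Production containers normally run a single
# service, so an interactive shell starting inside one is worth an alert.
- rule: Constructed example - shell spawned in container
  desc: >
    An interactive shell was started inside a container. This is commonly a
    sign of manual access or of a compromised workload executing commands.
  condition: >
    constructed_spawned_process and constructed_in_container
    and proc.name in (constructed_shell_binaries)
  output: >
    Shell spawned in container (user=%user.name shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline container_id=%container.id
    image=%container.image.repository pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, shell, constructed_example]

# Rule 2: file-level behavior. Configuration under /etc should be immutable
# at runtime in most containers; a write there is a policy violation.
- rule: Constructed example - write below /etc in container
  desc: >
    A regular file under /etc was opened for writing from inside a container.
  condition: >
    constructed_in_container and constructed_open_write
    and fd.name startswith /etc/
  output: >
    File below /etc opened for writing in container (user=%user.name
    file=%fd.name command=%proc.cmdline container_id=%container.id
    image=%container.image.repository pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: ERROR
  tags: [container, filesystem, constructed_example]
```

Each `output` line is a template: `%field` placeholders are filled from the triggering system call, so the alert carries the process, container image and Kubernetes pod context needed to triage it. Keeping reusable fragments in macros and lists (as the bundled rules also do) means a new rule is usually a short condition that combines existing pieces rather than a fresh syscall expression, which keeps custom rules readable as they accumulate.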

4. Kube-bench

  • kube-bench is a Go application that checks whether Kubernetes is deployed securely.
  • Its tests are defined in YAML configuration files, making the tool easy to update as test specifications evolve.
  • Kube-bench determines the test set to run based on the Kubernetes version running on the machine.
  • Kube-bench does not automatically detect OpenShift and GKE.

5. Kube-hunter

  • kube-hunter is an open-source tool that hunts for security issues in your Kubernetes clusters.
  • It's designed to increase awareness and visibility of the security controls in Kubernetes environments.
  • Kube-hunter can be run directly on a machine in the cluster, with the option to probe all the local network interfaces.

These are the main runtime scanning tools that can help identify vulnerabilities in DevOps.
