Kaspersky Container Security

Misconfiguration control of images

Kaspersky Container Security detects misconfigurations in configuration files by using the configuration file scanner. This scanner can scan images, file systems, and repositories that contain files (for example, Terraform, CloudFormation, Azure ARM templates, Helm Chart and Dockerfile packages).

Kaspersky Container Security scans the following configuration files:

  • Configuration files of Kubernetes objects.
    • Pod
    • ReplicaSet
    • ReplicationController
    • Deployment
    • DeploymentConfig
    • StatefulSet
    • DaemonSet
    • CronJob
    • Job
    • Services
    • ConfigMaps
    • Roles and ClusterRoles rights and commands
    • ClusterRoleBindings and RoleBindings
    • Network policy (ingress and egress connections)
  • Configuration files of cluster components.
  • Configuration files of images.
  • Configuration files of Amazon cloud environment services.
    • Amazon IAM policies
    • API Gateway
    • Amazon Athena
    • Amazon CloudFront
    • Amazon CloudTrail
    • Amazon CloudWatch
    • Amazon CodeBuild
    • Amazon Config
    • Amazon DocumentDB databases
    • Amazon DynamoDB Accelerator
    • Amazon Elastic Compute Cloud
    • AWS Elastic Container Registry
    • Amazon Elastic Container Service
    • Amazon Elastic File System
    • Amazon Elastic Kubernetes Service
    • Amazon ElastiCache
    • Amazon Elasticsearch
    • Amazon Elastic Load Balancing
    • Amazon Elastic MapReduce
    • Amazon Identity and Access Management
    • Amazon Kinesis
    • Amazon Key Management Service
    • Amazon Lambda
    • Amazon MQ Broker
    • Amazon Managed Streaming for Apache Kafka
    • Amazon Neptune
    • Amazon Relational Database Service
    • Amazon Redshift
    • Amazon Simple Storage Service
    • Amazon Serverless Application Model
    • Amazon Simple Notification Service
    • Amazon Simple Queue Service
    • Amazon Secrets Manager
    • Amazon Workspaces

  • Configuration files of Azure cloud environment services.
    • Azure App Service
    • Azure Compute
    • Azure Container Service
    • Azure SQL Database
    • Azure Data Factory
    • Azure Data Lake
    • Azure Key Vault
    • Azure Monitor
    • Services responsible for the network interaction of Azure
    • Azure Security Center
    • Azure Storage
    • Azure Synapse Analytics
    • Azure IAM policies
  • Configuration files of the DigitalOcean cloud environment.
  • Configuration files of the Apache CloudStack cloud environment.
  • Configuration files of Terraform GitHub Provider.
  • Configuration files of Google cloud environment services.
    • Google BigQuery
    • Google Compute Engine
    • Google Cloud DNS
    • Google Cloud IAM policies
    • Google Cloud Key Management Service
    • Google Cloud SQL
    • Google Cloud Storage
  • Configuration files of Nifcloud Provider.
    • Computing
    • DNS
    • NAS
    • Network
    • Rdb
    • SSL certificates
  • Configuration files of OpenStack.
    • Computing
    • Networking
  • Configuration files of Oracle Compute Cloud.

The following table lists the configuration file types and file formats that Kaspersky Container Security supports.

Types and formats of configuration files

| File type | File format |
|---|---|
| Kubernetes | *.yml, *.yaml, *.json |
| Docker | Dockerfile, Containerfile |
| Terraform | *.tf, *.tf.json, *.tfvars |
| Terraform Plan | tfplan, *.tfplan, *.json |
| CloudFormation | *.yml, *.yaml, *.json |
| Azure ARM Template | *.json |
| Helm | *yaml, *.tpl, *.tar.gz |
| YAML | *.yaml, *.yml |
| JSON | *.json |
