Snyk integrates with Kubernetes, enabling you to import and test your running workloads and identify vulnerabilities in their associated images and configurations that might make those workloads less secure. Once imported, Snyk continues to monitor those workloads, identifying additional security issues as new images are deployed and the workload configuration changes.
This feature is available in Business and Enterprise plans, and is also supported with our on-prem offering. See Pricing plans for more details.
How it works
Your administrator installs a controller on your cluster, authenticating the integration with a unique ID generated from the Snyk account. Install the controller with either of these options:
The controller communicates with the Kubernetes API to determine which workloads (for instance the Deployment, ReplicationController, CronJob, etc.) are running on the cluster, find their associated images and scan them directly on the cluster for vulnerabilities.
From Snyk, collaborators select which workloads to import, or workloads can be imported automatically using annotations. These options are as described in Adding Kubernetes workloads for security scanning.
For each workload that your collaborators import, Snyk displays the vulnerabilities found in each image as well as a summary of configuration issues identified with the workload.
Snyk monitors your imported workloads on an ongoing basis, reporting on new vulnerabilities as they are disclosed whenever they affect your projects.
Based on your configurations, if vulnerabilities are found, Snyk notifies you via email or Slack so that you can take immediate action.
Terms and conditions
The Snyk Container Kubernetes integration uses Red Hat UBI (Universal Base Image).
Before downloading or using this application, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the application. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.