Introducing Offline Cluster Scanning with Nirmata

Anusha | Blog | Oct. 24

Simplify Kubernetes Security with Offline Cluster Scanning

We are thrilled to introduce a groundbreaking feature in the Nirmata Control Hub (NCH) – Offline Cluster Scanning. You can now scan any Kubernetes cluster without needing to install any agents. This makes it easier than ever to ensure the security and health of your clusters.

In the past, Kubernetes scanning often involved installing agents within your clusters, which could be complex and resource-intensive. While effective, this approach added another layer of maintenance and, in some cases, slowed down operations. However, with our new offline cluster scanning, you can access all the powerful insights of traditional in-cluster scanning without installing or managing any additional components. It’s as simple as point and scan.

Critical Benefits of Offline Cluster Scanning

With this new feature, you can:

  • Perform in-depth scans on any Kubernetes cluster without touching your infrastructure.
  • View comprehensive reports in a central, easy-to-navigate dashboard.
  • Collaborate with your team by sharing reports directly through the dashboard.
  • Access detailed remediation recommendations so you can act on vulnerabilities or misconfigurations quickly.

All of this happens without the overhead of managing in-cluster agents.

How We Do It: Simple Steps for Scanning Your Kubernetes Cluster

Here’s a quick guide to getting started with offline cluster scanning with Nirmata, which leverages your Kubernetes context and integrates directly with NCH for policy checks, exceptions, and reporting.

Refer to the official documentation for detailed steps.

Policies can be centrally defined in a Git repository or NCH. When conducting an offline cluster scan, nctl will retrieve these policies and any available policy exceptions to scan your entire cluster. In this instance, I am scanning a sample Kubernetes cluster running the nginx application.

If you want to scan only a few namespaces, you can pass a list of comma-separated namespaces via the `-n` flag. Here is the sample output for scanning the app namespace in the cluster.

After the scan, the results are automatically published to the NCH dashboard. There, you can see a unified view of all your cluster scans, making tracking compliance and identifying recurring issues easier.

Nirmata Control Hub provides:

  • Unified View: View scan results from multiple clusters, each evaluated against your predefined policies.
  • Issue Breakdown: Dive into specific policy violations to get a granular view of what went wrong, along with remediation steps.
  • Collaboration: Share reports directly with team members, assign remediation tasks or integrate them with your CI/CD pipeline.

Get Started with Offline Cluster Scanning Today

With these simple steps, securing your Kubernetes clusters is faster and easier than ever. There are no agents or extra infrastructure – just robust, real-time insights and actionable security reports right at your fingertips.

Ready to give it a try? You can download nctl for free, and to explore the detailed reports in NCH, sign up for a 15-day free trial. Feel free to contact us if you need any assistance along the way!


