In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities before they reach production environments and fix them faster while the developer still has the context.

We’ve been busy this New Year (a rather warm one in San Francisco) to bring you exciting new ways to secure your DevOps journey. Read on for the details and see how you can put them to use!

We often hear from our customers that to adopt a container and Kubernetes security tool in any mid sized or large organization, separation of duties and least privilege access via RBAC is a must. Admin roles cannot be granted unnecessarily to all teams. If users or groups are routinely granted these elevated privileges, account compromises or mistakes can result in security and compliance violations.

Monitor Kubelet is key when running Kubernetes in production. Kubelet is a very important service inside Kubernetes’ control plane. It’s the component that cares that the containers described by pods are running in the nodes. Kubelet works in a declarative way by receiving PodSpecs and ensuring that the current state matches desired pods.