Operations | Monitoring | ITSM | DevOps | Cloud

April 2020

Five things CISOs can do to make containers secure and compliant

Chances are, if you’re not already moving applications to containers and Kubernetes, you’re considering it. However, it’s likely that security and compliance implications are something you haven’t fully thought through. Addressing container security risks later in the development life cycle negatively impacts the pace of cloud adoption while simultaneously raising security and compliance risks. The use of containers and Kubernetes changes your security calculus.

How to monitor OPA Gatekeeper with Prometheus metrics

In this blog post, we’re going to explain how to monitor Open Policy Agent (OPA) Gatekeeper with Prometheus metrics. If you have deployed OPA Gatekeeper, monitoring this admission controller is as relevant as monitoring the rest of the Kubernetes control plane components, like APIserver, kubelet or controller-manager. If something breaks here, Kubernetes won’t deploy new pods in your cluster; and if it’s slow, your cluster scale performance will degrade.

Performing Image Scanning on Admission Controller with OPA

In this post we will talk about using image scanning on admission controller to scan your container images on-demand, right before your workloads are scheduled in the cluster. Ensuring that all the runtime workloads have been scanned and have no serious vulnerabilities is not an easy task. Let’s see how we can block any pod that doesn’t pass the scanning policies before it even runs in your cluster.

PCI Compliance for Containers and Kubernetes

Attend our webinar about PCI compliance in containers & Kubernetes: Download our PCI Guide: More info in our blog: Many of your applications are now starting to run on containers in the cloud. If your applications are at all dealing with credit card data, you may be wondering how to validate PCI compliance, a well known regulation for handling this data securely. PCI is also a must have requirement to check off before your code gets to production.

Securing Tekton pipelines in OpenShift with Sysdig

In this blog post, you’ll learn how to create a reusable Sysdig Secure image scanning task, for Tekton pipelines and Openshift clusters, that can be deployed in many pipelines. As a DevOps engineer, you want to deliver applications fast but keeping compliance with security standards like CIS, PCI DSS or NIST 800-190, GDPR can be an arduous task. You might implement image scanning in your CI/CD pipelines to detect and resolve issues such as known vulnerabilities and incorrect configurations.

Falco Support on AWS Fargate

Today we’re very excited to announce a partnership with Amazon to support Fargate in Sysdig’s product line. We are also announcing that Falco, the world’s most popular runtime security tool for containers, will soon be able to work on Fargate. This is an important milestone. For the first time, Fargate users will enjoy the benefit of deep instrumentation. This will make their workloads more secure, reliable, and efficient.

OpenMetrics: Is Prometheus unbound?

Historically, the monitoring landscape has been a mess; today, it still is. It’s even worse given how software architectures have changed with all of the cloud-native principles. As “techies”, we need to do something about this. Otherwise, we’ll remain chained up by an inability to properly observe our own platforms and applications.

Sysdig Monitor Overview

Organizations are moving to the cloud and DevOps to ship applications faster. However, the dynamic nature of these environments can lead to gaps in visibility. Without the proper insight, how can you address the issues that impact the availability and performance of your applications? Sysdig Monitor provides cloud monitoring at scale with full Prometheus compatibility. You can get deep visibility into rapidly-changing container-environments including infrastructure, services and applications.