Description
Snyk integrates with Kubernetes, enabling you to import and test your running workloads and identify vulnerabilities in their associated images and configurations that might make those workloads less secure. Once imported, Snyk continues to monitor those workloads, identifying additional security issues as new images are deployed and the workload configuration changes.
Integration with Kubernetes is available for Snyk Container paid plans only, and is also supported with our on-prem offering.
How it works
- Your administrator installs a controller on your cluster, authenticating the integration with a unique ID generated from the Snyk account. Install the controller with either of these options:
Install the Snyk controller with Helm
Install the Snyk controller with OpenShift and OperatorHub - The controller communicates with the Kubernetes API to determine which workloads (for instance the Deployment, ReplicationController, CronJob, etc.) are running on the cluster, find their associated images and scan them directly on the cluster for vulnerabilities.
- From Snyk, collaborators select which workloads to import, or workloads can be imported automatically using annotations. These options are as described in Adding Kubernetes workloads for security scanning.
- For each workload that your collaborators import, Snyk displays the vulnerabilities found in each image as well as a summary of configuration issues identified with the workload.
- Snyk monitors your imported workloads on an ongoing basis, reporting on new vulnerabilities as they are disclosed whenever they affect your projects.
- Based on your configurations, if vulnerabilities are found, Snyk notifies you via email or Slack so that you can take immediate action.
General information
The following information was extracted from the containerfile and other sources.
| Summary | Snyk integration for Kubernetes |
| Description | The Universal Base Image is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly. |
| Provider | Snyk Ltd. |
| Maintainer | support@snyk.io |
Technical information
The following information was extracted from the containerfile and other sources.
| Repository name | Snyk Controller |
| Image version | 8.4 |
| Architecture | amd64 |
| User | 10001:10001 |
Use the following instructions to get images from a Red Hat container registry using registry service account tokens. You will need to create a registry service account to use prior to completing any of the following tasks.
Using OpenShift secrets
First, you will need to add a reference to the appropriate secret and repository to your Kubernetes pod configuration via an imagePullSecrets field.
Then, use the following from the command line or from the OpenShift Dashboard GUI interface.
Using podman login
Use the following command(s) from a system with podman installed
Using docker login
Use the following command(s) from a system with docker service installed and running
Use the following instructions to get images from a Red Hat container registry using your Red Hat login.
Using OpenShift
For best practices, it is recommended to use registry tokens when pulling content for OpenShift deployments.
Using podman login
Use the following command(s) from a system with podman installed
Using docker login
Use the following command(s) from a system with docker service installed and running
