KSOC releases the first-ever KBOM standard
Kubernetes Security Operations Center (KSOC) has released the first-ever Kubernetes Bill of Materials (KBOM) standard. The KBOM, available through an open source CLI tool, helps cloud security teams see how much third-party tooling is running in their environment so they can react more quickly when a new vulnerability is disclosed. Despite the substantial third-party tool ecosystem around Kubernetes, software-supply-chain compliance requirements have largely left Kubernetes itself out of scope.
Numerous Kubernetes tools, including Crossplane, the Jenkins plugin, CubeFS, and Clusternet, have recently had new vulnerabilities disclosed. Although a Software Bill of Materials (SBOM) is now required for software sold to the US federal government, that requirement stops short of the deployment stage of the application development life cycle, which is where Kubernetes comes into play.
A standard for the overall scope and configuration of a cluster is becoming necessary as teams continue to adopt Kubernetes widely. A uniform standard can make understaffed teams more efficient, especially since Kubernetes expertise is already in short supply.
The new KBOM standard provides a quick view of the scope of a Kubernetes cluster, including workload count, hosting provider and cost, vulnerabilities in both internally built and externally hosted images, third-party customisation, and more.
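To make the idea concrete, the following script builds a minimal KBOM-style inventory of its own: it walks a set of workload manifests, counts workloads by kind, parses every container image reference, and marks each image as internal or third-party and as pinned by digest or not. This is an added example, not KSOC's kbom CLI and not its schema; the output field names, the internal-registry rule, and the sample manifests are all assumptions constructed for this illustration.

```python
"""Minimal KBOM-style inventory of third-party images in Kubernetes workloads.

Added illustration only: this is not KSOC's kbom CLI and does not follow its
schema. The output field names and the rule for what counts as an internal
registry are assumptions made for this example.
"""
import json
from collections import Counter

# Hostnames of the organisation's own registries (assumed for this example).
INTERNAL_REGISTRY_HOSTS = {"registry.internal.example.com"}

# Kinds whose pod templates we inventory; other objects are ignored.
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob"}


def parse_image_ref(ref):
    """Split an OCI image reference into registry, repository, tag and digest.

    Uses the docker/distribution convention: the first path component is a
    registry only if it contains '.' or ':' or is 'localhost'; otherwise the
    image lives on docker.io, single-component names under library/.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    # A ':' after the last '/' separates the tag; one before it is a registry port.
    last_slash, colon = ref.rfind("/"), ref.rfind(":")
    if colon > last_slash:
        name, tag = ref[:colon], ref[colon + 1:]
    parts = name.split("/")
    first = parts[0]
    if len(parts) > 1 and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, parts[1:]
    else:
        registry, repo = "docker.io", parts
    if registry == "docker.io" and len(repo) == 1:
        repo = ["library"] + repo
    if tag is None and digest is None:
        tag = "latest"  # the implicit default when neither is given
    return {"registry": registry, "repository": "/".join(repo), "tag": tag, "digest": digest}


def pod_spec(obj):
    """Return the pod spec embedded in a workload object (CronJob nests it one level deeper)."""
    spec = obj["spec"]
    if obj["kind"] == "CronJob":
        spec = spec["jobTemplate"]["spec"]
    return spec["template"]["spec"]


def build_kbom(manifests):
    """Summarise workloads and the images they run, flagging third-party and unpinned ones."""
    workloads = Counter()
    images = {}
    for obj in manifests:
        if obj.get("kind") not in WORKLOAD_KINDS:
            continue
        workloads[obj["kind"]] += 1
        spec = pod_spec(obj)
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            entry = images.setdefault(c["image"], {**parse_image_ref(c["image"]), "used_by": []})
            entry["used_by"].append(f'{obj["kind"]}/{obj["metadata"]["namespace"]}/{obj["metadata"]["name"]}')
    for entry in images.values():
        host = entry["registry"].split(":")[0]
        entry["origin"] = "internal" if host in INTERNAL_REGISTRY_HOSTS else "third-party"
        # A tag can be re-pushed; only a digest pins the exact bytes that were scanned.
        entry["pinned_by_digest"] = entry["digest"] is not None
    return {
        "workloads": dict(workloads),
        "workload_count": sum(workloads.values()),
        "images": [images[k] for k in sorted(images)],
        "third_party_count": sum(e["origin"] == "third-party" for e in images.values()),
        "unpinned_count": sum(not e["pinned_by_digest"] for e in images.values()),
    }


# Constructed sample manifests in the shape `kubectl get ... -o json` returns (not real cluster data).
FAKE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"namespace": "payments", "name": "api"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "api", "image": "registry.internal.example.com:5000/payments/api:1.4.2"}]}}}},
    {"kind": "DaemonSet", "metadata": {"namespace": "kube-system", "name": "node-agent"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "agent", "image": "quay.io/example/node-agent:v2.0.1"}]}}}},
    {"kind": "Deployment", "metadata": {"namespace": "default", "name": "web"},
     "spec": {"template": {"spec": {"containers": [{"name": "web", "image": "nginx:1.25"}]}}}},
    {"kind": "CronJob", "metadata": {"namespace": "payments", "name": "nightly-report"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {
         "initContainers": [{"name": "init", "image": "busybox@" + FAKE_DIGEST}],
         "containers": [{"name": "report", "image": "registry.internal.example.com:5000/payments/report:0.9"}]}}}}}},
    {"kind": "ConfigMap", "metadata": {"namespace": "default", "name": "settings"}, "data": {}},
]

if __name__ == "__main__":
    print(json.dumps(build_kbom(SAMPLE_MANIFESTS), indent=2))
```

Run as-is it prints the inventory for the constructed manifests; on a real cluster you would feed it the items array from `kubectl get deploy,sts,ds,jobs,cronjobs -A -o json`. The two flags it derives are the ones that matter when a new CVE lands: origin tells you which images you do not build yourself and therefore cannot patch directly, and pinned_by_digest tells you whether the image you scanned is guaranteed to be the image that is running.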
“Kubernetes is orchestrating the applications of many of the biggest business brands we know and love. Adoption is no longer an excuse, and yet from a security perspective, we continually leave Kubernetes itself out of the conversation when it comes to standards and compliance guidelines, focusing only on activity before application deployment,” said KSOC CTO Jimmy Mesta.