Image Swapper 0.5: Security Scanning Integration and Policy Management

Introduction

Image Swapper 0.5 — Security Scanning Integration and Policy Management — was released on December 8, 2021.

Policy usually becomes urgent the first time you need to stop a risky manifest from shipping — or when you’re trying to make standards repeatable across teams.

In this release: Image Swapper 0.5 delivers security scanning integration, enhanced policy management, and improved registry support for container image security.


Security Scanning Integration

  • Vulnerability scanning integration enables automatic security scanning of images before deployment.
  • Scan result storage enables tracking and auditing of security scan results.
  • Policy enforcement blocks images with critical vulnerabilities.
  • Multi-scanner support enables integration with Trivy, Clair, and other scanners.

Enhanced Policy Management

  1. Allow lists enable defining approved image registries and sources.
  2. Deny lists block untrusted or prohibited image sources.
  3. Registry policies enable different policies per registry or namespace.
  4. Policy validation ensures policies are correctly configured.

Registry Improvements

  • Multi-registry support enables managing images across multiple registries.
  • Authentication enhancements provide better credential management for registries.
  • Sync capabilities ensure images stay up-to-date between registries.
  • Registry health monitoring provides visibility into registry availability.

Getting Started

kubectl apply -f https://github.com/estahn/k8s-image-swapper/releases/download/v0.5.0/release.yaml

Configure with security scanning:

apiVersion: v1
kind: ConfigMap
metadata:
  name: image-swapper-config
  namespace: image-swapper-system
data:
  config.yaml: |
    sourceRegistries:
    - docker.io
    targetRegistry: registry.example.com
    mirroring:
      enabled: true
    security:
      scanning:
        enabled: true
        provider: trivy
        failOnCritical: true
    policies:
      allowList:
      - "registry.example.com/*"
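
The allow-list pattern in the ConfigMap above only means something once image references are normalized and the pattern itself is validated. The following is an added example, not code from k8s-image-swapper: the matching semantics (glob match on the normalized reference, deny wins over allow, unmatched images denied), the function names, and the deny pattern are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

DEFAULT_REGISTRY = "docker.io"  # Docker's implicit registry for short names

def normalize(image: str) -> str:
    """Return 'registry/repository' for an image reference, without tag or digest."""
    name = image.split("@", 1)[0]                 # strip an @sha256:... digest
    if ":" in name.rsplit("/", 1)[-1]:            # a colon in the last component is a tag
        name = name[: name.rindex(":")]
    first, sep, rest = name.partition("/")
    # The first component is a registry host only if it looks like one.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return f"{first.lower()}/{rest}"
    repo = name if "/" in name else f"library/{name}"
    return f"{DEFAULT_REGISTRY}/{repo}"

def validate_pattern(pattern: str) -> None:
    """Reject patterns whose wildcard could match part of the registry host."""
    host, sep, _ = pattern.partition("/")
    if not sep or any(c in host for c in "*?["):
        raise ValueError(f"pattern must pin the registry host: {pattern!r}")

def decide(image: str, allow: list[str], deny: list[str]) -> str:
    """Assumed semantics: deny wins over allow; anything unmatched is denied."""
    for pattern in allow + deny:
        validate_pattern(pattern)
    ref = normalize(image)
    if any(fnmatchcase(ref, p) for p in deny):
        return "deny"
    if any(fnmatchcase(ref, p) for p in allow):
        return "allow"
    return "deny"

if __name__ == "__main__":
    allow = ["registry.example.com/*"]            # pattern from the ConfigMap above
    deny = ["registry.example.com/sandbox/*"]     # constructed for this example
    samples = [                                   # constructed image references
        "registry.example.com/team/app:1.2",
        "nginx:1.21",
        "registry.example.com.mirror.test/team/app",
        "registry.example.com/sandbox/tool@sha256:" + "0" * 64,
    ]
    for img in samples:
        print(f"{img:60} -> {decide(img, allow, deny)}")
```

Only the first sample is allowed. A pattern such as "registry.example.com*" is rejected by validate_pattern because, without the "/" boundary, it would also match hosts that merely begin with the approved registry name.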

Summary

Aspect            | Details
Release Date      | December 8, 2021
Headline Features | Security scanning integration, enhanced policy management, registry improvements
Why it Matters    | Delivers comprehensive image security with scanning integration and policy enforcement

Image Swapper 0.5 extends container image management capabilities with security scanning integration and enhanced policy management for improved security posture.