Software development environments using containerization report corporate adoption rates of 98 percent. To address the threat vectors targeting these architectures, cloud and network security provider Kaspersky released an update to its Kaspersky Container Security platform. The software, designed for on-premise installations and isolated networks, now includes custom policy creation for image assurance, dynamic admission control and security benchmarking.
The system update introduces an import and export function for configuration settings. Administrators can export policies and agent groups alongside user profiles as encrypted packages or open-format files for manual editing. This feature supports complex enterprise architectures where a subsidiary operates a dedicated IT infrastructure separate from a parent company, enabling security teams to replicate configurations across different product instances. The platform also extends security agent support to master nodes. This addition permits control plane audits to identify vulnerable configurations at the orchestration layer of a cluster.
To address software supply chain risks, the vendor added specific detection rules for GitHub Actions misconfigurations. These errors involve unsafe workflow triggers and improper input data handling. Insecure versioning policies also contribute to these vulnerabilities, which allow threat actors to hijack automated workflows and compromise infrastructure keys. Attackers can exploit these gaps to inject malicious code into production builds.
Security personnel can identify these issues during repository scanning by running the tool in a standalone mode or embedding the scanner into continuous integration pipelines. Users can restrict access to these scan results based on organizational project visibility requirements. Scanned container images can then be exported as a Software Bill of Materials to integrate with vulnerability management tools.
The engineering team implemented a 2.5x performance optimization for node agents to enable rule processing with zero impact on pod CPU and memory consumption. A scan result caching feature on the agent side delivers a 10x speed optimization for dynamic admission control requests. Furthermore, administrators can apply dynamic agent updates to group configurations without requiring pod redeployments or triggering production downtime.
“We believe that container security must be as flexible and fast as containerisation itself. The new capabilities in Kaspersky Container Security are built to match the needs of modern DevOps. For instance, the new GitHub Actions scanning feature catches vulnerabilities directly within the configuration code, allowing teams to identify and fix errors as early as possible, when it is most cost-effective and prevents missed deadlines,” comments Anton Rusakov-Rudenko, Senior Product Marketing Manager, Cloud & Network Security at Kaspersky. “This release helps to effectively bridge the gap between rapid deployment and strict compliance, protecting infrastructure against the latest cyberthreats, without operational overhead.”
