SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Getting started with Snyk Container
Snyk Container security basics
Snyk CLI for container security
Getting around the Snyk Container UI
Scan your Dockerfile
Snyk Container for self-hosted container registries (with broker)
Kubernetes integration
Kubernetes integration overview
Kubernetes integration architecture diagram
How Snyk Controller handles your data
Enable the Kubernetes integration
Supported workloads, Container Registry, languages, OS for Kubernetes integration
Disable the Kubernetes integration
Installation page
Kubernetes integration features
Kubernetes integration UI explained
Kubernetes integration FAQ
Image scanning information library
Snyk Infrastructure as Code
Snyk Cloud
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Snyk reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Powered By GitBook
Kubernetes integration overview
Snyk integrates with Kubernetes, enabling you to import and test your running workloads and identify vulnerabilities in their associated images and configurations that might make those workloads less secure. Once imported, Snyk continues to monitor those workloads, identifying additional security issues as new images are deployed and the workload configuration changes.
Feature availability This feature is available in Business and Enterprise plans. See pricing plans for more details.
How it works
  1. 1.
    Your administrator installs a controller on your cluster, authenticating the integration with a unique ID generated from the Snyk account. Install the controller with either of these options:
  2. 2.
    The controller communicates with the Kubernetes API to determine which workloads (for instance the Deployment, ReplicationController, CronJob, etc.) are running on the cluster, find their associated images, and scan them directly on the cluster for vulnerabilities.
  3. 3.
    From Snyk, collaborators select which workloads to import, or workloads can be imported automatically using annotations. These options are as described in Adding Kubernetes workloads for security scanning.
  4. 4.
    For each workload that your collaborators import, Snyk displays the vulnerabilities found in each image as well as a summary of configuration issues identified with the workload.
  5. 5.
    Snyk monitors your imported workloads on an ongoing basis, reporting on new vulnerabilities as they are disclosed whenever they affect your projects.
  6. 6.
    Based on your configurations, if vulnerabilities are found, Snyk notifies you via email or Slack so that you can take immediate action.
In order to maintain the health of the database, any information that relates to a workload that hasn't been changed or updated for 8 days would be removed. This could lead to failure on retesting the workload.
Terms and conditions
The Snyk Container Kubernetes integration uses Red Hat UBI (Universal Base Image).
Before downloading or using this application, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the application. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.
Previous
Kubernetes integration
Next
Kubernetes integration architecture diagram
Last modified 1mo ago
Export as PDF
Copy link
Edit on GitHub