Not rendering correctly? View this email as a web page here.
Kubernetes-Native Governance & Security Software

The State of Kubernetes Security

August 2022


CNCF: Kubernetes Policy Management Whitepaper

The Cloud Native Computing Foundation (CNCF) has published a 2022 whitepaper documenting best practices for managing K8s configurations using automated policies with the goal of helping organizations become more secure & compliant.


Kyverno: Journey to CNCF

Jim Bugwadia discusses with TechStrong how to simplify governance & management of K8s clusters across geographies securely with Kyverno OSS.


Subscribe to Kubernetes security alerts

Join the kubernetes-security-announce group to receive emails about security announcements, advisories, and major API announcements.


Could exposed kubelets leak cluster information?

TrendMicro, May 2022

Results from an analysis of 240,000 exposed Kubernetes nodes details how cybercriminals may abuse the kubelet API as an entry point to deploy malicious pods, steal secrets & credentials, or even delete the entire node.


GitHub moves to guard open source against supply chain attacks

Wired, Aug 2022

The popular code repository plans to beef up the security of open source projects following a string of highly-publicized software supply chain attacks. GitHub hopes that "adding signed build information to open source packages that validates where the software came from and how it was built" will help reduce attacks.


Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno

NeonMirrors, May 2022

With the global rise in security incidents and the upcoming deprecation and removal of Pod Security Policies (PSPs) in Kubernetes, Chip Zoller compares the two leading CNCF projects that can help your organization secure its clusters and simplify Kubernetes management.


Nirmata Policy Engine eliminates security issues & misconfigurations

Built by the creators of Kyverno, Nirmata's cloud-native policy engine automates & simplifies the creation, deployment, and lifecycle management of policy-based intelligent guardrails for Kubernetes.

Start your free trial →

Upcoming Events

Join the Kubernetes & DevSecOps community at one of the following in-person and/or online events.


KubeCon schedule is LIVE

Detroit, MI | October 24 – 28

With 189 sessions, keynotes, and lightning talks both in-person and virtually, there is something for everyone who is interested in attending. Register for in-person or virtual attendee passes now. Prices go up on August 10!

View schedule » Register now »

Open Source Summit Europe

Dublin | September 13-16, 2022

Hosted by the Linux Foundation, OSS is for open source developers, technologists & community leaders to collaborate, share information, solve problems & gain knowledge to further innovation + ensure a sustainable OSS ecosystem.

View schedule »

DevOpsDays: Chicago

Chicago | Sept 21-22, 2022

Returning to Chicago for the 8th time, this 2-day event features a single track of 30-minute talks, followed by 5-minute lightning talks, and ends with open space discussions. Enjoy discussions on DevSecOps, troubleshooting Kubernetes, SRE practices & even career tips!

View schedule » Introduction to Kyverno

Online | Sept 1, 2022 @ 9am PDT

Join Kyverno's creators as they demonstrate the capabilities of the popular open source K8s policy engine including how namespace-based isolation can be achieved, how policies can isolate control-plane & data-plane constructs, how manage different tiers of tenants.

RSVP now »


Kyverno in Production

With over 300 million downloads, Kyverno has become the de facto solution for Kubernetes policy enforcement and management. In this free online workshop, learn Kyverno architecture, policy customizations, high-availability configuration, Prometheus metrics & more!

Enroll in Workshop →

linkedin-icon  twitter-icon  facebook-icon