Amazon Elastic Container Service for Kubernetes (Amazon EKS) provides Kubernetes as a managed service on AWS. It helps make it easier to deploy, manage and scale containerized applications on Kubernetes. Sysdig cloud-native intelligence solutions – Sysdig Monitor, and Sysdig Secure – provide Amazon EKS monitoring and security from a single agent and unified platform. Sysdig helps AWS customers see more, secure more, and save time in troubleshooting deployed microservices.

Kubernetes is developing so rapidly, that it has become challenging to stay up to date with the latest changes (Heapster has been deprecated!). The ecosystem around Kubernetes has exploded with new integrations developed by the community, and the field of logging and monitoring is one such example.

In this article we will cover Docker image scanning with open source container security / image scanning tools. We will explain how to to deploy and setup Docker image scanning: both on private Docker repositories, and as a CI/CD pipeline validation step. We will also explore ways of integrating image scanning with CI/CD tools like Jenkins, Kubernetes runtime configuration features and runtime security tools like Falco.

“With Docker, developers can build any app in any language using any toolchain. “Dockerized” apps are completely portable and can run anywhere - colleagues’ OS X and Windows laptops, QA servers running Ubuntu in the cloud, and production data center VMs running Red Hat.

Container security is top-of-mind for any organization adopting Docker and Kubernetes, and this open source security guide is a comprehensive resource for anyone who wants to learn how to implement a complete open source container security stack for Docker and Kubernetes.