Logz.io Enhances Kubernetes 360 with Security Scanning Integration

Amsterdam: Repeat after me: Developers must take security seriously now. Don't believe me? Just ask the poor devils who had to clean things up after the SolarWinds software supply chain attack, the never-ending Log4j vulnerability, and the npm maintainer protest code gone wrong. The answer? Well, all programmers could become security experts. Or, we could shift security left by using automated tools. I know which one is more likely to happen. And, so does Logz.io, a leading open-source, observability platform, which is integrating security scanning into its Kubernetes 360 unified observability interface.

Logz announced this at KubeCon Europe. They're doing this by integrating its service with Aqua Trivy, the popular open-source vulnerability, and misconfiguration scanning solution. This enhancement will enable 360 platform users to promptly identify and resolve security issues in their Kubernetes environments. Trivy specifically scans for issues in open-source packages and dependencies, infrastructure as code, misconfigurations, and Common Vulnerabilities and Exposures (CVEs).

While quite new, Logz.io's Kubernetes 360 was launched in late 2022,to consolidate Kubernetes observability data because security is now essential. As Asaf Yigal, Logz.io CTO and co-founder, said, “Kubernetes has become the de facto operating system for applications-driven organizations, and this is driving the rapid convergence of security and observability data. As a result, organizations need baked-in security monitoring and response for Kubernetes environments, and with this added content, Kubernetes 360 further provides everything teams need to monitor their environments in a single interface."

Alongside the enhanced security features, the Open 360 platform now includes Logz.io Cloud Security information and event management (SIEM) for advanced threat detection and response. Gartner's report “How to Run Containers and Kubernetes in Production" recommended that “Security can’t be an afterthought. It needs to be embedded in the DevOps process, which Gartner refers to as “DevSecOps.”

Gartner is right, and Logz.io is following up on its suggestion. Looking ahead, I expect almost all Kubernetes management programs will either integrate security tools directly or make it easy to integrate stand-alone security programs into their ecosystem. It's the only sensible thing to do. If you check out Logz.io's take, you can get started with a free 14-day Logz.io Open 360 platform trial today.

Noteworthy Linux and open-source stories:

• Universal Blue is a new paradigm for the Linux desktop and it's brilliant

• Twitter APIs Are Going Very Wrong

• Red Hat at 30: Biggest Linux company of them all still pushing to become cloud powe