Aqua (https://www.aquasec.com/), a leading cloud native security figure, has unveiled alarming findings after a three-month investigation by its research team, Aqua Nautilus (https://www.aquasec.com/research/). The study revealed that Kubernetes (https://kubernetes.io/) clusters of over 350 entities, including Fortune 500 companies, open source projects, and individuals, were left exposed and vulnerable.
For example, Aqua found that the Kubernetes cluster was often part of the organization’s Software Development Life Cycle (SDLC). Therefore, the Kubernetes cluster also had access to Source Code Management (SCM), Continuous Integration/Continuous Deployment (CI/CD), registries, and the Cloud Service Provider.
Specifically, Aqua Nautilus recommends using native Kubernetes features like RBAC and admission control policies to enhance security.