© 2024 Prancer Enterprise
Blog
Prancer is announcing Security scan of Google Cloud Kubernetes Config Connector (KCC) files
Prancer
June 10, 2021
Security Scan

San Diego, CA, June 10th 2021 – Prancer Enterprise is announcing a new feature for the Kubernetes Config Connector (KCC) security check. With this new release, Prancer platform can connect to git repositories and security scan Google Cloud Kubernetes Config Connector (KCC) files. This move reflects Prancer’s commitment to extend the security through multiple platforms and “shift the security to the left” at the hand of developers. 

Prancer Enterprise is the first company to provide automated security scan capability for Kubernetes Config Connector (KCC) files. Config Connector (KCC) (https://cloud.google.com/config-connector/docs/overview), an add-on to Kubernetes, which Google recently released, manages GCP resources as Kubernetes resources. KCC enables a single consistent place to provision and configure your entire application without switching between multiple tools and conventions.  

Your online apps on App Engine, Google Kubernetes Engine (GKE), and Compute Engine are security-vulnerable, according to Web Security Scanner. It crawls your application, following each link that falls within the range of your beginning URLs, and makes an effort to test as many event handlers and user inputs as it can.

Deployed as a Kubernetes operator under the hood, Kubernetes Config Connector (KCC) continuously reconciles the Kubernetes resources it manages with the existing cloud infrastructure to meet the desired state in near real-time. This new capability affirms the eventual consistency of cloud resources by leveraging “configuration as data”.  

Prancer Enterprise has provided The Kubernetes Config Connector (KCC) compliance policies based on OPA Rego language and can be found in Prancer’s GitHub account: 

https://github.com/prancer-io/prancer-compliance-test 

About Prancer 

Prancer Enterprise (https://www.prancer.io) provides a pre-deployment and post-deployment multi-cloud security platform for Infrastructure as Code (IaC) and live cloud environments. It shifts the security to the left and provides end-to-end security scanning based on the Policy as Code concept. DevOps engineers can use it for static code analysis on IaC to find security drifts and maintain their cloud security posture with continuous compliance features.