Refining the Scan: Leveraging eBPF Observability to Enhance Static Analysis Tools in Kubernetes
11-05, 15:10–15:40 (US/Central), ROOM 2

Integrating eBPF observability data with static scanning tools in Kubernetes, such as API scans and image vulnerability scanners, can yield more accurate and actionable insights.

Static scanning tools (like Kubescape, Trivy, Grype) are a cornerstone in maintaining the security posture of our K8s clusters. However, their output can often be overwhelming and challenging to triage.

By harnessing eBPF's real-time, kernel-level observability, we propose to augment the accuracy of these tools, focusing their results so that they do not overwhelm developers.

We will delve into how eBPF's ability to monitor system calls and network activity in real time can be used to contextualize the output of static scanners, thereby streamlining the process of identifying and addressing vulnerabilities. By the end of this session, you will have a firm grasp of how to utilize eBPF to enhance the output of static scanning tools in K8s, as well as how to implement a workflow that optimizes vulnerability scanning.
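The core of the approach described above is a join: the static scanner says which packages in the image carry vulnerabilities, and eBPF says which files the running workload actually opened. The following is an added example, not code from the talk, from Kubescape, or from any of the scanners named on the page. It uses constructed inputs throughout: a scanner report loosely modelled on Trivy's JSON field names (`VulnerabilityID`, `PkgName`, `Severity`, with placeholder IDs rather than real CVEs), a constructed package-to-files inventory of the kind an SBOM provides, and a constructed list of `openat()` observations standing in for an eBPF trace of one container. Findings whose package files were loaded at runtime rank first; a package with no file inventory is marked `unknown` rather than silently treated as not loaded, since absence of evidence is not evidence of absence.

```python
"""
Prioritise static-scanner findings with runtime evidence.

Added example (not Kubescape, Trivy or Grype code). It joins a
constructed vulnerability report against constructed eBPF-style
observations of files opened inside a container: a finding in a
package whose files were never loaded by the running workload ranks
below one whose files were.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass
class Finding:
    vuln_id: str
    package: str
    severity: str
    runtime_status: str = "unknown"        # "loaded", "not-loaded" or "unknown"
    evidence: List[str] = field(default_factory=list)  # files seen opened

# Constructed scanner output (placeholder IDs, not real CVEs).
SCAN_REPORT = [
    {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "openssl",      "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "curl",         "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "libxml2",      "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-EXAMPLE-0004", "PkgName": "vendored-lib", "Severity": "MEDIUM"},
]

# Constructed package -> installed files map (what an SBOM would give).
PACKAGE_FILES: Dict[str, List[str]] = {
    "openssl": ["/usr/lib/x86_64-linux-gnu/libssl.so.3",
                "/usr/lib/x86_64-linux-gnu/libcrypto.so.3"],
    "curl":    ["/usr/bin/curl", "/usr/lib/x86_64-linux-gnu/libcurl.so.4"],
    "libxml2": ["/usr/lib/x86_64-linux-gnu/libxml2.so.2"],
    # "vendored-lib" is deliberately absent: no file inventory exists.
}

# Constructed eBPF openat() observations for one container: (pid, path).
OBSERVED_OPENS: List[Tuple[int, str]] = [
    (1, "/usr/lib/x86_64-linux-gnu/libcrypto.so.3"),
    (1, "/usr/lib/x86_64-linux-gnu/libssl.so.3"),
    (1, "/etc/ssl/certs/ca-certificates.crt"),
    (7, "/usr/lib/x86_64-linux-gnu/libxml2.so.2"),
]

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}
STATUS_RANK = {"loaded": 2, "unknown": 1, "not-loaded": 0}

def index_opens_by_file(opens: List[Tuple[int, str]]) -> Dict[str, Set[int]]:
    """Map each opened path to the set of PIDs that opened it."""
    files: Dict[str, Set[int]] = {}
    for pid, path in opens:
        files.setdefault(path, set()).add(pid)
    return files

def enrich(report, package_files, opens) -> List[Finding]:
    """Attach runtime status to every finding and sort for triage."""
    opened = index_opens_by_file(opens)
    findings = []
    for row in report:
        f = Finding(row["VulnerabilityID"], row["PkgName"], row["Severity"])
        files = package_files.get(f.package)
        if files is None:
            # No inventory for this package: we cannot claim "not loaded".
            f.runtime_status = "unknown"
        else:
            f.evidence = [p for p in files if p in opened]
            f.runtime_status = "loaded" if f.evidence else "not-loaded"
        findings.append(f)
    # Loaded first, then unknown, then not-loaded; severity breaks ties.
    findings.sort(
        key=lambda f: (STATUS_RANK[f.runtime_status],
                       SEVERITY_RANK.get(f.severity, 0)),
        reverse=True,
    )
    return findings

def triage_order(report=SCAN_REPORT, package_files=PACKAGE_FILES,
                 opens=OBSERVED_OPENS) -> List[Tuple[str, str]]:
    """Return (vuln_id, runtime_status) pairs in triage order."""
    return [(f.vuln_id, f.runtime_status)
            for f in enrich(report, package_files, opens)]

if __name__ == "__main__":
    for f in enrich(SCAN_REPORT, PACKAGE_FILES, OBSERVED_OPENS):
        print(f"{f.runtime_status:10s} {f.severity:8s} {f.vuln_id} "
              f"({f.package}) {f.evidence}")
```

Two caveats a practitioner should carry into a real deployment: the eBPF trace only covers the window in which the workload was observed, so a library loaded lazily on a rare code path may show as `not-loaded` until that path runs, and the file-to-package join depends on the SBOM's inventory being complete, which is why the example keeps `unknown` as a separate status instead of folding it into `not-loaded`.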

Ben is a veteran cybersecurity and DevOps professional, as well as a computer science lecturer. Today, he is the co-founder of ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced information security academically in both undergraduate and graduate courses. In his previous capacities, he has been a security researcher and architect, pen-tester and lead developer at Cisco, NDS and Siemens.