Information about detected misconfigurations

Kaspersky Container Security allows detecting misconfigurations in configuration files using the configuration file scanner. This scanner can scan images, file systems, and repositories that contain IaC files (for example, Terraform, CloudFormation, Azure ARM templates, Helm Chart and Dockerfile packages).

Kaspersky Container Security scans the following configuration files:

• Configuration files of Kubernetes objects.
  • Pod
  • ReplicaSet
  • ReplicationController
  • Deployment
  • DeploymentConfig
  • StatefulSet
  • DaemonSet
  • CronJob
  • Job
  • Services
  • ConfigMaps
  • Roles and СlusterRoles rights and commands
  • ClusterRoleBindings and RoleBindings
  • Network policy (ingress and egress connections)
• Configuration files of cluster components.
• Configuration files of images.
• Configuration files of Amazon cloud environment services.
  • Amazon IAM policies
  • API Gateway
  • Amazon Athena
  • Amazon CloudFront
  • Amazon CloudTrail
  • Amazon CloudWatch
  • Amazon CodeBuild
  • Amazon Config
  • Amazon DocumentDB databases
  • Amazon DynamoDB Accelerator
  • Amazon Elastic Compute Cloud
  • AWS Elastic Container Registry
  • Amazon Elastic Container Service
  • Amazon Elastic File System
  • Amazon Elastic Kubernetes Service
  • Amazon ElastiCache
  • Amazon Elasticsearch
  • Amazon Elastic Load Balancing
  • Amazon Elastic MapReduce
  • Amazon Identity and Access Management.
  • Amazon Kinesis
  • Amazon Key Management Service
  • Amazon Lambda
  • Amazon MQ Broker
  • Amazon Managed Streaming for Apache Kafka
  • Amazon Neptune
  • Amazon Relational Database Service
  • Amazon Redshift
  • Amazon Simple Storage Service
  • Amazon Serverless Application Model
  • Amazon Simple Notification Service
  • Amazon Simple Queue Service
  • Amazon Secrets Manager
  • Amazon Workspaces
• Configuration files of Azure cloud environment services.
  • Azure App Service
  • Azure Compute
  • Azure Container Service
  • Azure SQL Database
  • Azure Data Factory
  • Azure Data Lake
  • Azure Key Vault
  • Azure Monitor
  • Services responsible for the network interaction of Azure
  • Azure Security Center
  • Azure Storage
  • Azure Synapse Analytics
  • Azure IAM policies
• Configuration files of the DigitalOcean cloud environment.
• Configuration files of the ApacheCloudStack cloud environment.
• Configuration files of Terraform GitHub Provider.
• Configuration files of Google cloud environment services.
  • Google BigQuery
  • Google Compute Engine
  • Google Cloud DNS
  • Google Cloud IAM policies
  • Google Cloud Key Management Service
  • Google Cloud SQL
  • Google Cloud Storage
• Configuration files of Nifcloud Provider.
  • Computing
  • DNS
  • NAS
  • Network
  • Rdb
  • SSL certificates
• Configuration files of OpenStack.
  • Computing
  • Networking
• Configuration files of Oracle Compute Cloud.

The following table lists the types of configuration files and configuration files formats that Kaspersky Container Security supports.

Types and formats of configuration files

File type	File format
Kubernetes	*.yml, *.yaml, *.json
Docker	Dockerfile, Containerfile
Terraform	*.tf, *.tf.json, *.tfvars
Terraform Plan	tfplan, *.tfplan, *.json
CloudFormation	*.yml, *.yaml, *.json
Azure ARM Template	*.json
Helm	*yaml, *.tpl, *.tar.gz
YAML	*.yaml, *.yml
JSON	*.json

In the table in the Resources → Registries → Misconfigurations section, Kaspersky Container Security displays information about object files in which scans have detected misconfigurations. For each object, the table provides the following information:

• Name or indication of the file in which misconfigurations were found. Clicking a file name expands the list of configuration errors in the file. You can click the name of the misconfiguration to open a sidebar with the following misconfiguration details:
  • Misconfiguration name.
  • On the General tab, the solution displays the description, IaC configuration file type, and the severity level of the misconfiguration. Kaspersky Container Security also indicates the action that must be taken to resolve the detected misconfiguration, and provides links to data sources for this misconfiguration.
  • On the Risk acceptance tab, you can accept the risks associated with misconfigurations and view the risks that already have been accepted.
• IaC configuration file type. The solution indicates the type of infrastructure that the file is suitable for.
• Severity level.
• Number of risks accepted for the file or misconfiguration.

To customize the display of objects in the table:

1. Select one or more vulnerability severity levels by clicking the corresponding buttons above the table (Critical, High, Medium, Low, Negligible).
2. In the IaC type drop-down list, select the type of the IaC configuration file. The following options are available: All (default), kubernetes, dockerfile, terraform, cloudformation.
3. In the File name column, open the list of misconfigurations for a file.

   By default, the list of misconfigurations is collapsed.

The solution also allows finding an object by the name of the file in which misconfigurations were found.

Page top