We are excited to introduce the latest enhancement to our product: Zora Dashboard, now integrating Trivy! This release brings a myriad of benefits to bolster your Kubernetes environment's security and operational efficiency.
Incorporating Trivy into the Zora Dashboard enhances our commitment to providing a comprehensive and centralized solution for Kubernetes security. By combining misconfiguration detection with vulnerability scanning, we offer a robust toolset to fortify your Kubernetes environment.
This release empowers you to:
- Identify the main threats facing your Kubernetes environment and their severity levels;
- Access a grouped view of the most harmful threats for efficient prioritization;
- Gain detailed insights into each threat, facilitating informed decision-making and rapid response actions;
- Scale effortlessly, catering to the diverse needs of businesses managing multiple Kubernetes clusters.
Explore the key features.
Unified Security Reporting Hub for Kubernetes
Zora Dashboard offers a unified reporting hub, providing access to detailed reports on the health and security aspects of your Kubernetes infrastructure. This centralized approach allows for scanning and reporting of potential risks, all within the familiar Zora Dashboard interface. This means less time spent switching between tools and more time focused on resolving critical issues.
Identification of Misconfigurations
Leveraging the capabilities of Marvin and Popeye, Zora Dashboard excels at identifying misconfigurations within your Kubernetes environment. This detailed analysis ensures that your configurations align with best practices, minimizing potential security and operational risks.
Detection of Vulnerabilities
Utilizing the cutting-edge capabilities of Trivy, Zora Dashboard goes beyond identifying misconfigurations to detect vulnerabilities in your Kubernetes environment. This covers a broad spectrum of potential security threats and operational challenges, providing a holistic view for proactive mitigation.
New Addition: Enhanced Vulnerability Overview
Zora Dashboard introduces robust functionality for identifying and categorizing vulnerabilities and threats, offering valuable insights into your images and the severity of any vulnerabilities. This feature assists you in recognizing the primary threats within your environments and prioritizing corrective actions. Additionally, it enables the filtering of vulnerabilities, streamlining the identification process and facilitating collaborative actions with your security team.
Furthermore, within this enhanced version, users will have access to a succinct display of the top 5 threats, categorized by severity. This intuitive interface presents your most important information into a single view, enabling an efficient decision-making processes.
Get Started
How can I get a new version?
The latest integration of Trivy with Zora Dashboard enhances its capabilities in detecting both misconfigurations and vulnerabilities within Kubernetes environments. By combining the strengths of Marvin and Popeye for misconfiguration detection with Trivy's vulnerability scanning, Zora Dashboard ensures that users can effectively identify and address both configuration-related issues and security vulnerabilities from a single, centralized interface.
Here are the steps to get your Zora Dashboard Experience.
- Go to Zora Dashboard and sign in with your GitHub, Google, or Microsoft account;
- Click in "Connect Cluster" and save your workspace ID (this ID is essential for synchronizing between Zora OSS and Zora Dashboard);
- Run the Helm command to install or upgrade the latest version of Zora OSS into your cluster;
- After that with the following commands, you can verify if Zora has been successfully installed and retrieve installation notes
helm list -n zora-system
helm get notes zora -n zora-system - If everything is set up correctly, your cluster should have scheduled scans. Check it by running:
kubectl get cluster,scan -o wide -n zora-system
Schedule: By default, the misconfiguration scan is scheduled to run once per hour, while the vulnerability scan is scheduled to run once per day.
Check our documentation for details: https://zora-docs.undistro.io/v0.8/getting-started/installation/
Conclusion
By integrating Zora Dashboard with Trivy, users will gain greater visibility into real threats in their Kubernetes environments and can devise strategies to enhance the security and robustness of their applications. Zora Dashboard has been acquiring new features and capabilities, positioning itself as a significant asset for DevOps and information security alignment.