Fugue Adds Support for Kubernetes Security
October 18, 2021

Fugue announced support for Kubernetes security prior to deployment.

Using policy as code automation built on the open source Regula policy engine, Fugue provides a unified platform for securing infrastructure as code (IaC) and cloud runtime environments using a single set of policies, saving cloud teams significant time and ensuring consistent policy enforcement across the development life cycle. With this release, organizations can now use Fugue to secure infrastructure as code for Kubernetes, Terraform and AWS CloudFormation. Fugue has also added rules that align with the CIS Kubernetes Benchmark.

“Engineering teams are increasingly using a mix of container orchestration, virtual machines, and serverless across cloud providers, and using different policies for everything wastes a tremendous amount of time and invites vulnerabilities to slip through the cracks,” said Josh Stella, Co-Founder and CEO of Fugue. “Teams need a unified way to secure everything at every stage of the development life cycle, and with support for Kubernetes, they can secure all of the infrastructure as code and apply those policies to their running cloud environments.”

Fugue provides centralized IaC security management for cloud resource configurations, container orchestration, and containers. Teams can use Fugue to establish IaC security visibility across their organization. Fugue’s open source Regula policy engine provides tooling for engineers to check their IaC configurations locally and for developing and testing custom policies, including those that can check for multi-resource vulnerabilities. Fugue and Regula use Open Policy Agent (OPA), the open standard for policy as code. OPA is a Cloud Native Computing Foundation (CNCF) graduated project.

The Fugue SaaS platform and Regula project include hundreds of pre-built policies mapped to the CIS Foundations Benchmarks for Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Kubernetes. Additionally, Fugue provides compliance mappings for SOC 2, NIST 800-53, GDPR, PCI, HIPAA, ISO 27001, CSA CCM, CIS Controls, CIS Docker, and the Fugue Best Practices Framework to catch misconfigurations that compliance may miss.

The Fugue API and CLI are first-class citizens in the product, enabling engineers to build automated IaC checks into Git workflows and CI/CD pipelines to prevent misconfiguration vulnerabilities in deployments. Unlike with other cloud security products, teams can use those same policies to ensure cloud runtime environments stay secure post-deployment, including cloud resources deployed outside of IaC and CI/CD pipelines.

Share this

Industry News

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.

May 11, 2022

Red Hat announced new advancements within its Red Hat Cloud Services portfolio, delivering a fully-managed and streamlined user experience as organizations build, deploy, manage and scale cloud-native applications across hybrid environments.

May 11, 2022

JFrog introduced a new Docker Desktop Extension for JFrog Xray that allows organizations to automatically scan Docker Containers for vulnerabilities and violations early in the development process.

May 11, 2022

Progress announced a series of updates in Progress Telerik and Progress Kendo UI.

May 11, 2022

Vultr announces that Vultr Kubernetes Engine (VKE) is generally available.

May 10, 2022

Docker announced new features and partnerships to increase developer productivity. Specifically, the company announced Docker Extensions which allow developers to discover and add complementary development tools to Docker Desktop.

May 10, 2022

Red Hat announced the general availability of Red Hat Ansible Automation Platform on Microsoft Azure, pairing hybrid cloud automation with the convenience and support of a managed offering.

May 10, 2022

The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, announced the general availability of Fedora Linux 36, the latest version of the fully open source Fedora operating system.

May 10, 2022

Progress announced the release of Progress Chef Cloud Security, extending DevSecOps with compliance support for native cloud assets and enabling end-to-end management of all on premise, cloud and native cloud resources.

This new offering is complemented with new capabilities across the Chef portfolio targeting DevOps success in the most demanding and complex enterprise deployments.

May 10, 2022

Platform9 announced new platform capabilities in Platform9 5.5 that make it easier for cloud-native development and operations teams to build, scale, and operate apps and Kubernetes clusters in the cloud, on-premises, and at the edge.

May 09, 2022

Red Hat and Accenture have expanded their nearly 12 year strategic partnership to further power open hybrid cloud innovation for enterprises worldwide.

May 09, 2022

Opsera has partnered with Mindtree.

May 09, 2022

Mendix announced that Mendix Workflow for process automation is now generally available.