Fugue Adds Support for Kubernetes Security
October 18, 2021

Fugue announced support for Kubernetes security prior to deployment.

Using policy as code automation built on the open source Regula policy engine, Fugue provides a unified platform for securing infrastructure as code (IaC) and cloud runtime environments using a single set of policies, saving cloud teams significant time and ensuring consistent policy enforcement across the development life cycle. With this release, organizations can now use Fugue to secure infrastructure as code for Kubernetes, Terraform and AWS CloudFormation. Fugue has also added rules that align with the CIS Kubernetes Benchmark.

“Engineering teams are increasingly using a mix of container orchestration, virtual machines, and serverless across cloud providers, and using different policies for everything wastes a tremendous amount of time and invites vulnerabilities to slip through the cracks,” said Josh Stella, Co-Founder and CEO of Fugue. “Teams need a unified way to secure everything at every stage of the development life cycle, and with support for Kubernetes, they can secure all of the infrastructure as code and apply those policies to their running cloud environments.”

Fugue provides centralized IaC security management for cloud resource configurations, container orchestration, and containers. Teams can use Fugue to establish IaC security visibility across their organization. Fugue’s open source Regula policy engine provides tooling for engineers to check their IaC configurations locally and for developing and testing custom policies, including those that can check for multi-resource vulnerabilities. Fugue and Regula use Open Policy Agent (OPA), the open standard for policy as code. OPA is a Cloud Native Computing Foundation (CNCF) graduated project.

The Fugue SaaS platform and Regula project include hundreds of pre-built policies mapped to the CIS Foundations Benchmarks for Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Kubernetes. Additionally, Fugue provides compliance mappings for SOC 2, NIST 800-53, GDPR, PCI, HIPAA, ISO 27001, CSA CCM, CIS Controls, CIS Docker, and the Fugue Best Practices Framework to catch misconfigurations that compliance may miss.

The Fugue API and CLI are first-class citizens in the product, enabling engineers to build automated IaC checks into Git workflows and CI/CD pipelines to prevent misconfiguration vulnerabilities in deployments. Unlike with other cloud security products, teams can use those same policies to ensure cloud runtime environments stay secure post-deployment, including cloud resources deployed outside of IaC and CI/CD pipelines.

Share this

Industry News

December 02, 2021

Mirantis announced DevOpsCare, powered by Lens, a vendor-agnostic, fully-managed CI/CD (continuous integration/continuous deployment) product for any Kubernetes environment, offering developers higher levels of productivity more quickly.

December 02, 2021

The D2iQ Kubernetes Platform (DKP) is now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services, Inc. (AWS).

December 01, 2021

Bugcrowd announced the availability of Bugcrowd's cybersecurity solutions on the AWS Marketplace, providing customers with easy access, simplified billing, quick deployment, and streamlined license management.

December 01, 2021

Kublr received Microsoft Azure Arc-enabled Kubernetes validation, including for Azure Arc-enabled Kubernetes for Data Services.

December 01, 2021

CloudSphere achieved Amazon Web Services (AWS) Migration and Modernization Competency for discovering, planning, and helping enterprise customers move business services to AWS to reduce cost, increase agility and improve security.

November 30, 2021

JFrog introduced a new container registry and package manager for running JFrog Artifactory with Kubernetes clusters on-premises, in the cloud, or both.

November 30, 2021

Docker announced the availability of Docker Official Images directly from Amazon Web Services (AWS).

November 30, 2021

Weaveworks announced the general availability of Weave GitOps Enterprise, a GitOps platform that automates continuous application delivery and Kubernetes operations at any scale.

November 30, 2021

Amazon Web Services announced AWS Mainframe Modernization, a new service that makes it faster and easier for customers to migrate mainframe and legacy workloads to the cloud, and enjoy the superior agility, elasticity, and cost savings of AWS.

November 29, 2021

Quali announced the newest release of Torque Enterprise, which includes enhanced integration with Terraform, new custom tagging capabilities, and improved cost visibility dashboards, unleashing an entirely new level of self-service access to application environments on demand.

November 29, 2021

Vertical Relevance (VR), a financial services-focused consulting firm, achieved Amazon Web Services (AWS) DevOps Competency status.

November 18, 2021

Loft Labs announced the launch of Loft version 2 with a focus on ease of use that overcomes the major complaint that Kubernetes is complex and hard to set up.

November 18, 2021

Perforce Software announced new functionality to speed remediation of discovered defects in automated scans.

November 18, 2021

Lacework raised $1.3 billion in growth funding at a valuation of $8.3 billion.

November 17, 2021

Parasoft announced the 2021.2 release of Parasoft C/C++test, the unified C and C++ development testing solution for embedded applications.