We’ve been proud to have partnered with Google many times over the years, including the launches of Google Container Registry and Google Cloud Security Command Center. Today I’m happy to announce our integration with Google’s Binary Authorization technology for Google Kubernetes Engine (GKE). Binary Authorization solves a core challenge for customers – how can I ensure that only safe, authorized images are allowed to run in my cluster?
While Twistlock has long supported this capability natively (and will continue to do so), with this integration with Google’s Binary Authorization for GKE, we’re providing an additional way to enforce these policies at the GKE layer, using admission controllers. In this architecture, Twistlock is providing the image analysis and the policy engine to express and enforce what’s safe and what’s not and then only signing attestations of allowed images. GKE then uses these attestations to determine what it allows to run, providing a secure by default posture that automatically rejects any unknown or vulnerable images. The end result is a solution for the entire software supply chain, in which Twistlock provides a consistent security policy throughout the entire lifecycle of your apps that GKE can now enforce at deployment time.
Here’s a screencast that shows the entire flow end to end:
Whether you’re using Google’s Binary Authorization for GKE, or any other implementation of Kritis, Twistlock’s image analysis and policy engine seamlessly integrate with the rest of your software supply chain to ensure you only ship quality software.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
How to Lock Down the Kernel to Secure the Container HostRead the Blog
One Chapter Ends, Another BeginsRead the Blog
The Greatest Security Risks Lurking in Your CI/CD PipelineRead the Blog
Cloud Platform Radar: Powerful Cloud Asset IdentificationRead the Blog
Securing Serverless Functions: Visibility with Serverless RadarRead the Blog