Runtime-powered Container & IaC Security

How Kodem inspects and analyzes containers & IaC

Kodem embeds sensors at the container and cluster level to analyze configuration files for vulnerabilities and risk exposures, correlating them to code and runtime.

Base & running image scanning

Thorough examination of both the base and the running container images to determine code reachability and to identify any container-specific and IaC issues. By pinpointing vulnerable areas within your containerized applications and evaluating the exploitability of these vulnerabilities, Kodem maps the attack surface and prioritizes threats based on impact and ease of exploitation. This ensures your containers remain secure, with contextual insights that protect your software from potential threats, allowing you to address vulnerabilities before they can be exploited.

Artifact & configuration file evaluation

Examine Dockerfiles, Kubernetes manifests, and other IaC scripts for misconfigurations, insecure practices, and vulnerabilities. Through integrations with artifact registries like DockerHub, Amazon ECR and Google Container Registry (GCR), Kodem can scan all your Kubernetes clusters, providing precise remediation insights for packages imported via Dockerfile commands. These integrations offer unparalleled protection for your code and all software assets, enabling you to proactively address vulnerabilities. By effortlessly identifying organization-deployed base images, Kodem accurately pinpoints open-source security risks, ensuring your security is comprehensive and precise.

Deployment & OS-level dependency identification

Analyzes operating system (OS) dependencies embedded within the container images to ensure they do not introduce security risks. This pinpoints which parts of the codebase are accessible and potentially exploitable in a running environment.