Shift Right Security for EKS: Runtime Visibility with Anchore Enterprise
Housekeeping
01 All participant lines are muted
02 Questions will be accepted throughout; enter questions via the Q&A panel
03 You will receive a follow-up email with a link to the recording
Introductions
Today’s Flow
01 Understanding Kubernetes Runtime Inventory
02 Deploying Kubernetes Runtime Inventory on EKS
03 Live Demo
04 Q+A
The Problem - Complexity
[Pipeline diagram: Source -> Build -> Stage -> Deploy -> Run. Scanning early in the pipeline gives only limited checks; the scan at the Run stage is the one labelled "SHIFTED RIGHT".]
Many dependencies are brought in at each stage: multiple teams and tools, multiple source repos, multiple builds per day, multiple registries, multiple deployments, multiple clusters.
Anchore Overview
● Founded in 2016 in California by ex-Ansible / Red Hat / Eucalyptus founders
● Creators of Syft and Grype, with tens of millions of downloads
● Anchore Enterprise deployed in the DOD and the largest technology vendors in the world since 2018
[Logo slide: select public sector customers and select enterprise customers]
What is Anchore?
Anchore Kubernetes Inventory
Why Kubernetes Inventory?
Security Concerns
A 2024 article on Kubernetes adoption, security, and market trends published by Red Hat showed that security issues using Kubernetes forced 67% of companies to delay or slow down application deployment to production.
https://www.redhat.com/en/resources/kubernetes-adoption-security-market-trends-overview
The Challenges
Kubernetes’ complexity and its requirement to be dynamic introduce some unique security and visibility challenges.
● Vulnerable Container Images
■ If you have a Kubernetes cluster, how do you know whether any of the images running in it are exploitable?
● Potential Secret Exposure
● Runtime Security Risks
● Supply Chain Attacks
● Constant Deployments and Application Changes
Typical Best Practices
Some of the basic best practices you can adopt to mitigate these security and visibility challenges:
● Regularly scan container images for vulnerabilities and use minimal base images.
● Securely manage secrets using dedicated tools and encryption (Vault etc.).
● Employ container runtime security solutions to monitor and secure containers at runtime.
● Implement admission controllers to enforce security policies at deployment time (check out Anchore’s Kubernetes Admission Controller!)
● Keep Kubernetes components up to date with the latest security patches.
● Utilize monitoring tools like Prometheus and Grafana to collect and visualize metrics.
Anchore’s Solution: Kubernetes Inventory
What is it?
A solution for a number of the previous challenges: a real-time inventory of container images running in specified Kubernetes clusters and namespaces, giving insight into where vulnerabilities or policy violations could be found in your production workloads.
● A feature included in Anchore Enterprise to monitor running containers.
● Uses the anchore-k8s-inventory agent (a Go binary) to poll Kubernetes clusters.
● Reports which images are in use across namespaces and clusters.
Workflow Diagram
[Sequence diagram between the Runtime Inventory Agent and the Anchore Enterprise API: on each poll interval the agent queries the K8s API for pods, maps the result to an inventory, and returns the inventory to the Anchore Enterprise API, which returns the image list.]
Overview of Runtime Inventory
● Anchore Kubernetes Inventory works by deploying an agent (anchore-k8s-inventory) via a Helm chart. The agent is a Go binary that actively queries the Kubernetes API to discover and report on the container images running within your cluster.
● It then tracks your inventory for you and uses the Anchore API to report this data back to your Anchore Enterprise deployment.
● Anchore Enterprise then offers a host of features allowing you to generate SBOMs, search for malware and secrets, and analyse and check the images running in your cluster for any security issues.
Requirements to Install
The requirements for its installation:
● A running Anchore Enterprise instance
■ If you are not yet an Anchore Enterprise customer and therefore do not currently have an Anchore Enterprise instance, you can reach out to our team at <insert sales email> to discuss. You will require an Anchore Enterprise license.
● A Kubernetes cluster with Helm installed.
■ Our demo will be running on a managed EKS cluster. (EKS - specify versions)
● The correct configuration details to provide via the values.yaml file during installation
The official Anchore documentation will contain the most up-to-date and detailed requirements and installation instructions:
https://docs.anchore.com/5.13/docs/integration/kubernetes/runtime
How does it address the challenges?
In summary, insight into and visibility of your containers is critical to the safety not only of the production deployment and its applications, but also of an organisation’s private/internal infrastructure, depending on what can be seen or accessed from any compromised weakness.
Using the Kubernetes Runtime Inventory helps prevent this by providing you with the ability to:
○ Perform vulnerability scanning and policy evaluation.
○ Generate SBOMs for the running containers.
○ Run secret searches and malware scanning at runtime.
○ Track vulnerabilities across your environment from multiple clusters.
○ Navigate the UI: explore clusters, namespaces, and image details.
An engineering-led, fully hands-on Cloud and DevOps consultancy
At Bion, we combine deep technical expertise with a fully hands-on approach to help organisations scale securely in the cloud. Headquartered in London and recognised as an AWS Advanced Partner, our team specialises in high-impact engineering, prioritising DevSecOps, Kubernetes, multi-cloud infrastructure, and end-to-end DevOps.
In collaboration with partners like Anchore, we bring runtime security, SBOM visibility, and supply chain assurance directly into your DevOps workflows, without slowing down delivery.
Bion specialises in the following areas:
● DevSecOps & Supply Chain Security
● Kubernetes
● Cloud (AWS, GCP, Azure)
● Automation & DevOps
Deploying Kubernetes Runtime Inventory on Amazon EKS
Installation via Helm Chart:
1. Get Anchore URL (not required for in-cluster installations)
2. Create secret for Anchore credentials
3. Author a values file
Configuration Options
Mode:
- Adhoc (Default)
- Periodic
Namespace Selectors:
Account Routing: specifies the Anchore accounts that different namespaces are routed to
Q&A
Summary
01 Understanding the security challenges surrounding Kubernetes
02 The importance of tackling the issue(s) and maintaining the solution to improvement
03 Requirements and process of deploying
04 Practical and reproducible demo
Next Steps
Contact us for a private hands-on demo session: https://get.anchore.com/contact/ OR https://www.bionconsulting.com/contact-us
Visit our GitHub and Discourse: github.com/anchore and anchore.com/discourse
How to Secure Your Kubernetes Software Supply Chain at Scale: https://get.anchore.com/secure-your-kubernetes-software-supply-chain/
Thank you!
© 2025 sales@anchore.com anchore.com