Views:

Scan your Amazon EKS, Kubernetes, Red Hat OpenShift, and Google GKE clusters for security compliance issues and generate reports with actionable insights.

To see the compliance recommendations in detail, click on each supported benchmark in Compliance scanning report recommendations.
Important
Important
Compliance scanning is currently only supported on clusters mapped within Trend Vision One to a connected AWS account or GCP project. Real-Time Posture Monitoring must be enabled in that account, and the latest Container Security software must be installed.
The following table details the actions you can take on the Compliance tab.
Action
Description
Enable compliance scanning
Switch on the toggle to enable compliance scanning.
Before enabling compliance scanning, ensure that the following conditions are met.
  • Trend Vision One is connected to your AWS account and Real-Time Posture Monitoring is enabled.
  • You are running EKS clusters and they are mapped to your AWS account.
  • The latest Container Security software is running on the EKS clusters.
View the last scan time
View the last time your clusters were scanned.
  • To initiate a scan immediately, click Scan Now.
Scannable EKS clusters
View the list of requirements for EKS cluster compliance scanning as well as the number of compatible clusters that can be scanned. Compatible clusters include the number of clusters with Container Security installed (scannable clusters) vs the total number of connected clusters.
Note
Note
The numbers displayed are independent of Asset Visibility Management.
Click Reports to view the last scan report in the Reports app.
To learn more about the Reports app, see Reports.
Scannable Kubernetes clusters
View the list of requirements for self-managed Kubernetes cluster compliance scanning as well as the number of compatible clusters that can be scanned. Compatible clusters include the number of clusters with Container Security installed (scannable clusters) vs the total number of connected clusters.
Click Reports to view the last scan report in the Reports app.
To learn more about the Reports app, see Reports.
Click Compliance Scan Configuration Settings to view and modify your Kubernetes cluster rules and policies.
To learn more about Kubernetes compliance settings and benchmarks, see Kubernetes compliance scanning and Kubernetes 1.9.0 recommendations.
Scannable Red Hat OpenShift clusters
View the list of requirements for Red Hat OpenShift cluster compliance scanning as well as the number of compatible clusters that can be scanned. Compatible clusters include the number of clusters with Container Security installed (scannable clusters) vs the total number of connected clusters.
Note
Note
Red Hat OpenShift Container Platform versions 4.0 or newer are supported for compliance scanning.
Click Reports to view the last scan report in the Reports app.
To learn more about the Reports app, see Reports.
Scannable Google Kubernetes Engine (GKE) clusters
View the list of requirements for GKE cluster compliance scanning as well as the number of compatible clusters that can be scanned. Compatible clusters include the number of clusters with Container Security installed (scannable clusters) vs the total number of connected clusters.
Click Reports to view the last scan report in the Reports app.
To learn more about the Reports app, see Reports.
Scannable NSA/CISA Kubernetes Hardening Guidance
View the list of recommendations for NSA/CISA Kubernetes Hardening Guidance compliance scanning as well as the number of compatible clusters that can be scanned. Compatible clusters include the number of clusters with Container Security installed (scannable clusters) vs the total number of connected clusters.
Click Reports to view the last scan report in the Reports app.
To learn more about the Reports app, see Reports.
Related information