Kubernetes Reachability
Kubernetes reachability defines how OX Security collects Kubernetes workload context from your clusters.
Kubernetes visibility in OX
Regardless of the connection model, OX enriches security findings with Kubernetes workload context.
This includes:
Identifying which container images are actively running in workloads such as deployments and jobs.
Enriching issues with severity factors based on actual reachability and exposure.
Supporting prioritization based on whether workloads are internet-exposed or internally restricted.
Cloud provider context
When a cloud provider is connected (GCP, AWS, or Azure), OX adds cloud-level context to Kubernetes data.
This is used to:
Authenticate access to your cloud project or account as a prerequisite for Kubernetes connectivity
Enrich Kubernetes workloads with internet exposure
Generate a Cloud Bill of Materials (Cloud BOM) reflecting deployed assets
This applies to:
Direct integrations with GKE, EKS, and AKS
Inspector-based deployments that run in cloud environments
Kubernetes connection models
OX supports the following connection models:
Direct cloud integrations
Inspector-based model
In general, if your cluster is externally reachable, use direct cloud integration. Otherwise, deploy the Inspector.
The following table provides detailed explanations about how to choose a connection model.
Direct cloud integration
OX connects to the Kubernetes service through the cloud provider API.
Use this model when the cluster is externally reachable and inbound access is allowed by your network and security policies.
GKE with GCP
EKS with AWS
AKS with Azure
Inspector-based integration
The Inspector runs inside your environment and sends Kubernetes data to OX.
Use this model when the cluster is private, inbound connections are restricted, or the cluster is a native Kubernetes installation.
Inspector with GCP
Inspector with AWS
Inspector with Azure
Inspector with native Kubernetes
Enriched visibility across OX
When you connect your GKE clusters to OX Security, the platform adds context to enhance visibility and prioritization across the system:
The Applications page is enriched with cloud deployment details, including Application Flow and Tags that reflect Kubernetes deployment and internet exposure.
Issues from SAST, SCA, and container scanning are enhanced with Kubernetes reachability severity factors.

The Attack Path tab in Active Issues reflects full cloud reachability, helping you understand how issues can be exploited in your Kubernetes environment.

Artifact integrity issues are raised for images that are running in the cluster but originate from untrusted or unknown sources.

The Artifact BOM page includes cloud deployment visibility, helping track where and how artifacts are used across clusters.

OX scans the specific versions of container images found in the cloud, not just the latest versions available in your registry.
OX surfaces vulnerability findings for public container images referenced by workloads and scans these images by pulling them from the public registry.
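To illustrate why the running version matters more than the registry tag, the following added example (not OX's code or implementation) reads a pod list shaped like `kubectl get pods -A -o json` output and reports, for each running container, the declared image reference, the digest the node actually resolved, and whether the registry is on an allowlist. The pod data, `TRUSTED_REGISTRIES`, and all function names are constructed assumptions.

```python
TRUSTED_REGISTRIES = {"registry.example.com"}  # assumption: your own allowlist

def registry_of(image_ref):
    """Registry host of an image reference, using Docker's defaulting rule."""
    first, sep, _ = image_ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # bare names such as "redis:7" resolve to Docker Hub

def running_images(pod_list):
    """One record per running container: declared reference vs. resolved digest."""
    rows = []
    for pod in pod_list["items"]:
        meta = pod["metadata"]
        declared = {c["name"]: c["image"] for c in pod["spec"]["containers"]}
        for st in pod.get("status", {}).get("containerStatuses", []):
            if "running" not in st.get("state", {}):
                continue  # waiting or terminated containers are not running code
            # imageID may carry a runtime prefix such as "docker-pullable://"
            image_id = st.get("imageID", "").split("://", 1)[-1]
            spec_image = declared.get(st["name"], st.get("image", ""))
            rows.append({
                "workload": f'{meta["namespace"]}/{meta["name"]}/{st["name"]}',
                "declared": spec_image,
                "digest": image_id.rpartition("@")[2],
                "pinned": "@sha256:" in spec_image,  # False: tag can drift
                "trusted": registry_of(spec_image) in TRUSTED_REGISTRIES,
            })
    return rows

def make_pod(ns, name, image, image_id, state):
    """Build a minimal pod object (constructed sample data)."""
    status = {"name": "app", "image": image, "imageID": image_id, "state": {state: {}}}
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"containers": [{"name": "app", "image": image}]},
            "status": {"containerStatuses": [status]}}

# Constructed sample: digests are placeholders, not real images.
SAMPLE_PODS = {"items": [
    make_pod("shop", "web-7d9f", "registry.example.com/shop/web:latest",
             "registry.example.com/shop/web@sha256:" + "a" * 64, "running"),
    make_pod("shop", "cache-0", "redis:7",
             "docker-pullable://redis@sha256:" + "b" * 64, "running"),
    make_pod("batch", "report-x", "registry.example.com/batch/report:2", "", "waiting"),
]}

if __name__ == "__main__":
    for row in running_images(SAMPLE_PODS):
        print(row)
```

The `digest` column is what a scanner should analyze: a `:latest` tag in the registry may already point at a different image than the one the cluster is running.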
