Defender for Containers

Definition

Defender for Containers is the container plan in Microsoft Defender for Cloud. It covers Azure Kubernetes Service (AKS) and, through Azure Arc-enabled Kubernetes, clusters hosted elsewhere, including Amazon EKS and Google GKE. The plan combines three capabilities: vulnerability assessment of container images, both at rest in the registry and for images actually running in the cluster; runtime threat detection, which analyses Kubernetes audit logs from the control plane and runs a Defender sensor as a DaemonSet on the nodes to flag suspicious process execution or privileged container launches; and Kubernetes hardening, where Azure Policy for Kubernetes (a Gatekeeper-based admission controller) audits or denies pods that violate security recommendations such as running as root, running privileged, or using a writable root filesystem. Findings feed the Defender for Cloud secure score and its regulatory compliance views. Defender does not write pod specs for you: the examples below are ordinary Kubernetes securityContext settings, shown because they are exactly the fields its hardening recommendations check.

Secure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: secure-container
    image: mysecureimage:latest   # placeholder; in production pin an image digest rather than a mutable tag
    securityContext:
      runAsNonRoot: true              # kubelet refuses to start the container if it would run as UID 0
      allowPrivilegeEscalation: false # sets no_new_privs, so setuid binaries and file capabilities cannot raise privileges
      readOnlyRootFilesystem: true    # an intruder cannot drop tools or tamper with the image's files
      capabilities:
        drop:
        - ALL                         # start from zero capabilities; add back individual ones only if required

Insecure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: myinsecureimage:latest
    securityContext:
      runAsNonRoot: false            # processes run as root inside the container
      readOnlyRootFilesystem: false  # writable root filesystem: implants and edits persist for the pod's lifetime
      # allowPrivilegeEscalation is not set, so it defaults to true
      capabilities:
        add:
        - NET_ADMIN                  # can reconfigure the pod's network stack, sniff traffic, or set up tunnels
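As an added example (not part of the original page and not Microsoft's code), the following Python script applies the checks behind Defender for Cloud's Kubernetes hardening recommendations (non-root, read-only root filesystem, no privilege escalation, no added capabilities, drop ALL, no host namespaces) to Pod manifests in the JSON form that kubectl emits. The embedded manifests are constructed copies of the two Pods above, with allowPrivilegeEscalation added to the secure one; the image names are placeholders, and the names check_container, check_pod and audit are the example's own.

```python
import json

# Constructed sample input, not taken from the page or from Microsoft: the two Pods
# above in the JSON form that `kubectl get pod <name> -o json` returns (Kubernetes
# accepts JSON and YAML interchangeably). Image names are placeholders. The secure pod
# also sets allowPrivilegeEscalation, because dropping capabilities alone does not stop
# a setuid binary from regaining them.
SECURE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"},
 "spec": {"containers": [{"name": "secure-container", "image": "mysecureimage:latest",
   "securityContext": {"runAsNonRoot": true, "readOnlyRootFilesystem": true,
     "allowPrivilegeEscalation": false, "capabilities": {"drop": ["ALL"]}}}]}}
""")

INSECURE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-pod"},
 "spec": {"containers": [{"name": "insecure-container", "image": "myinsecureimage:latest",
   "securityContext": {"runAsNonRoot": false, "readOnlyRootFilesystem": false,
     "capabilities": {"add": ["NET_ADMIN"]}}}]}}
""")


def check_container(pod_sc, container):
    """Findings for one container as (code, message) tuples.

    pod_sc is the pod-level securityContext; a container-level value overrides it,
    which is how Kubernetes itself resolves runAsNonRoot.
    """
    sc = container.get("securityContext") or {}
    name = container.get("name", "<unnamed>")
    findings = []

    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        findings.append(("RUN_AS_ROOT", f"{name}: runAsNonRoot is not true"))
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append(("RW_ROOTFS", f"{name}: readOnlyRootFilesystem is not true"))
    # An unset allowPrivilegeEscalation defaults to true, so only an explicit false passes.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(("PRIV_ESC", f"{name}: allowPrivilegeEscalation is not false"))
    if sc.get("privileged") is True:
        findings.append(("PRIVILEGED", f"{name}: privileged container"))

    caps = sc.get("capabilities") or {}
    added = caps.get("add") or []
    if added:
        findings.append(("CAP_ADD", f"{name}: adds capabilities {added}"))
    dropped = {c.upper() for c in (caps.get("drop") or [])}
    if "ALL" not in dropped:
        findings.append(("CAP_NOT_DROPPED", f"{name}: does not drop ALL capabilities"))
    return findings


def check_pod(pod):
    """Findings for one Pod: host namespace sharing at pod level, then every
    container and init container."""
    spec = pod.get("spec") or {}
    findings = []
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key) is True:
            findings.append((key.upper(), f"pod shares the host {key[4:].lower()} namespace"))
    pod_sc = spec.get("securityContext") or {}
    for container in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        findings.extend(check_container(pod_sc, container))
    return findings


def audit(manifest):
    """Audit a single Pod or a `kind: List` (what `kubectl get pods -A -o json`
    prints). Accepts a JSON string or an already-parsed dict and returns
    {"namespace/name": [findings]} so that clean pods show up with []."""
    doc = json.loads(manifest) if isinstance(manifest, str) else manifest
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    report = {}
    for item in items:
        meta = item.get("metadata") or {}
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '<unnamed>')}"
        report[key] = check_pod(item)
    return report


if __name__ == "__main__":
    import sys
    for pod_name, findings in audit(sys.stdin.read()).items():
        print(f"{pod_name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for code, msg in findings:
            print(f"  [{code}] {msg}")
```

Run it against a live cluster with kubectl get pods -A -o json | python3 audit_pods.py (the script name is an assumption). Because it reads manifests, it works as a pre-deployment or CI check; in the cluster itself the same rules are enforced at admission time by the Azure Policy for Kubernetes add-on that Defender for Containers relies on, so the two complement rather than replace each other.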