Security Risk Analysis

This document provides an overview of the security risk analysis for the Secure CINC Auditor Kubernetes Container Scanning platform.

Introduction

Understanding the security risks associated with container scanning is essential for implementing effective controls and selecting the most appropriate approach for your environment. This section provides a comprehensive security risk analysis for all scanning approaches.

Risk Analysis by Approach

Each container scanning approach has different security characteristics, risks, and mitigations:

Risk Model and Framework

Our Risk Model provides the framework and methodology used to assess security risks across all scanning approaches. It includes:

  • Risk assessment methodology
  • Risk classification criteria
  • Impact and likelihood ratings
  • Risk acceptance thresholds

Comprehensive Mitigations

Risk Mitigations documents the strategies and controls implemented to address identified risks, including:

  • Universal mitigations applied to all approaches
  • Approach-specific mitigations
  • Enterprise security recommendations
  • Operational best practices

Security Risk Overview

Security Factor      | Kubernetes API Approach | Debug Container Approach     | Sidecar Container Approach
Required Privileges  | Container access        | Ephemeral container creation | Process namespace sharing
Attack Surface       | Minimal                 | Moderate                     | Moderate
Credential Exposure  | Minimal                 | Minimal                      | Minimal
Isolation Level      | High                    | Moderate                     | Lower
Persistence Risk     | None (stateless)        | None (ephemeral)             | Container lifetime

Risk-Based Selection

For a detailed comparison of risks to guide approach selection, see: