A Combined Approach to Kubernetes Security with Trivy and Falco
Aquino, Alyssa (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025052917935
Abstract
Ensuring the security of containerized applications in Kubernetes is a critical challenge. This study explores combining Trivy and Falco to improve security visibility and risk mitigation in Kubernetes. Trivy was used to scan various targets, detecting security risks early in the development process and preventing them from reaching deployment. Falco monitored runtime activity, identifying suspicious behaviour based on predefined rules.
The study was conducted by deploying OWASP Juice Shop, a purposely vulnerable application, in a Google Kubernetes Engine cluster, and scanning it with Trivy for vulnerabilities, misconfigurations, exposed secrets, and license issues. For runtime security, Falco was deployed to monitor system calls and detect suspicious activities. To test Falco’s detection capabilities, Atomic Red Team was used to simulate real-world attack scenarios.
This study demonstrated that the combination of Trivy and Falco enhances Kubernetes security by providing a more comprehensive approach, covering different stages of the application lifecycle and different types of security issues. The results also highlight that integrating these tools increases security insight and enables both early detection and continuous monitoring of security threats in Kubernetes environments, ultimately reducing potential risks.
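As an added illustration of the pre-deployment gate the abstract describes (this is example code, not the thesis's own tooling): a Python function that reads a Trivy JSON report covering vulnerabilities, misconfigurations, secrets and licenses, counts findings by type and severity, and blocks deployment when any finding reaches a severity threshold. The embedded report is constructed for the example and uses placeholder IDs, not real findings against Juice Shop.

```python
import json
from collections import Counter

# Constructed sample in Trivy's JSON report layout (trivy ... -f json).
# Every ID, package and target below is a placeholder, not a real finding.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example.invalid/juice-shop:placeholder",
    "Results": [
        {"Target": "example.invalid/juice-shop:placeholder (os)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libplaceholder",
              "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
             {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libplaceholder",
              "InstalledVersion": "1.0", "FixedVersion": "", "Severity": "MEDIUM"}]},
        {"Target": "deploy/juice-shop.yaml", "Class": "config",
         "Misconfigurations": [
             {"ID": "PLACEHOLDER-001", "Title": "Container runs as root",
              "Severity": "HIGH", "Status": "FAIL"},
             {"ID": "PLACEHOLDER-002", "Title": "Read-only root filesystem",
              "Severity": "LOW", "Status": "PASS"}]},
        {"Target": "app/.env", "Class": "secret",
         "Secrets": [{"RuleID": "placeholder-token", "Severity": "CRITICAL",
                      "Title": "Hard-coded token"}]},
    ],
})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
FINDING_KINDS = (("vulnerability", "Vulnerabilities"), ("misconfiguration", "Misconfigurations"),
                 ("secret", "Secrets"), ("license", "Licenses"))

def summarize(report_json, threshold="HIGH", fixed_only=True):
    """Count Trivy findings by (kind, severity) and decide whether deployment may proceed.

    threshold:  lowest severity that blocks deployment.
    fixed_only: block on a vulnerability only when Trivy reports a FixedVersion,
                so findings with no available fix are counted but do not block.
    """
    counts, blocking = Counter(), []
    for result in json.loads(report_json).get("Results", []):
        for kind, key in FINDING_KINDS:
            for finding in result.get(key) or []:
                if kind == "misconfiguration" and finding.get("Status") != "FAIL":
                    continue  # Trivy may list passed checks; only failures matter
                sev = finding.get("Severity", "UNKNOWN").upper()
                counts[(kind, sev)] += 1
                if SEVERITY_RANK.get(sev, 0) < SEVERITY_RANK[threshold]:
                    continue
                if kind == "vulnerability" and fixed_only and not finding.get("FixedVersion"):
                    continue
                ident = (finding.get("VulnerabilityID") or finding.get("ID")
                         or finding.get("RuleID") or finding.get("Name"))
                blocking.append(f"{kind}:{ident}@{result.get('Target')}")
    return {"counts": dict(counts), "blocking": blocking, "allow_deploy": not blocking}
```

In a pipeline, `allow_deploy` would decide whether the image and manifests move on to the cluster; a finding with no fix available is still visible in `counts` so it is not silently forgotten.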
