Workload Security
Overview
Beyond code and cloud config, RedCloud scans the workloads themselves: container images, Kubernetes clusters, and virtual machines / operating systems.
Key benefits
| Benefit | Capability | Business value |
|---|---|---|
| Image hygiene | Container vulnerability scanning | Ship images free of known-vulnerable packages |
| Cluster posture | Kubernetes security checks | Harden K8s control plane and workloads |
| Host hardening | VM/OS scanning | Catch OS-level misconfigurations |
How it works
Container security
The Container Scanner inspects images for vulnerable packages and insecure configuration, so you catch risk in the image before it runs.
Kubernetes security
K8s Security evaluates cluster and workload configuration (and includes an admission-control capability), aligning with GKE hardening checks from the cloud scan.
VM / OS scanning
The VM / OS Scanner assesses host-level hardening. Host scans can run over an IAP tunnel, over direct SSH, or in metadata-only mode (chosen on the New Scan form), so you pick the access method that fits your environment.
Implementation / workflow
- Enable the relevant scan — Host Security Scan (with an SSH method) for VMs, and the container/K8s scanners for workloads.
- Review workload findings alongside the cloud posture.
- Patch images, harden clusters, and remediate host findings; re-scan to confirm.
Best practices
- Scan images in your pipeline so vulnerable images never reach production.
- Choose the least-intrusive host access method that still gives the coverage you need (IAP tunnel is often ideal).