June 27, 2022

Now Available: Deepfactor Developer Security v2.4

Deepfactor

Deepfactor v2.4 Enhancements Provide Additional Flexibility for Developers Including the Ability to Configure Schema to Derive Application Names, Choose How Pods Can Be Grouped into Apps, More

With the newly released v2.4, we continue the theme of providing flexibility in our Kubernetes admission webhook. These new options will allow customers to configure the webhook to suit their deployment model.

For additional details on v2.4, please review the Release Notes in Deepfactor Docs.

 

Release Highlights: Continue reading after the matrix to learn more about the latest version of Deepfactor!

Features Enhancements
Core Platform
  • Deepfactor portal and mutating admission webhook can now be installed using ArgoCD
  • Deepfactor portal and mutating admission webhook can now be deployed using cert-manager which eliminates the need to run scripts to generate self-signed certificates
  • Deepfactor portal supports TLS termination on the external load balancer
  • Optimizations in the way Deepfactor sends and stores telemetry from running applications
  • NGINX ingress controller in Deepfactor portal stack will now be deployed as deployment instead of daemonset.
  • Optimized telemetry retention period for efficient disk usage
Instrumentation
  • Instrument pods based on labels
  • Templatized appName, componentName and componentVersion options in the webhook config
  • Stack trace collection is enabled by default.
Insights
  • Namespace filter added in the UI so customers can view the insights for the particular namespace
  • Added support for reporting vulnerabilities for applications running on Centos:9, Ubuntu:22.04, and Alpine:3.16
  • Alert when an application deletes a file in a sensitive path configured in the policy.
  • Better pre-flight checks and alerts for applications using a non-OS libc
  • False Positive in “New executable created” alert due to directory create event is fixed.
  • False-positive alert “File opened with RD/WR” when a file from a configured sensitive path is open with read-only permission is fixed.

 

Watch the latest version of Deepfactor Developer Security in action!

Release Details

New Features:

  1. Label-based instrumentation: You can now select the pods in your cluster that you want to instrument with Deepfactor, using label selectors. Read more about how to configure this option here.
  2. Templatized appName and componentName: In order to provide flexibility to group pods into an application, the Deepfactor webhook now accepts templatized appName and componentName options. Some common values and scenarios have been captured in this article
  3. Deepfactor portal installation using Argo CD: If you use Argo CD, you can now use it to install the Deepfactor portal. You can read how to do this here.
  4. Namespace filter: If you are running your pods in multiple namespaces, you can now filter based on namespace on the Deepfactor UI.

Key Enhancements

  1. Performance improvements: We have implemented a series of performance optimizations in v2.4, resulting in significant reduction in the amount of telemetry sent and stored. This should improve not only performance but also the number of concurrent applications the Deepfactor portal can handle.
  2. TLS termination on external load balancer: If you have already configured a load balancer in your K8s cluster, the Deepfactor portal can use the same.

 

Visit our Release Notes for more information about our latest releases. And, as always, for those interested in learning more about Deepfactor and the improvements introduced in v2.4, you can request a demo.

Subscribe to our monthly eNewsletter and stay up-to-date on everything Deepfactor has to offer!