Product In Depth: Detailed Violation Analysis

Detailed Dashboards and Reports

Security, compliance, and governance are not just one-time events that happen every so often. Managing a compliant environment is a 24x7 operation. Magalix provides robust dashboards and reports to give you complete visibility and confidence in knowing what’s in violation, when it happened, and how to remedy it.

KubeNotifier: Real-Time Event Notification

If you are interested in real-time event notification, KubeNotifier adds that functionality by allowing you to select the type of event you want to be notified of. When an event is triggered, a notification can be sent to a location of your choice.

An advantage of DevOps is automation. Magalix is designed so you can create your workflows based on a configurable set of events or clusters. We know everyone has their favorite tool and depending on what you’re doing, automated workflows will slightly differ from organization to organization. The commonalities amongst most implementations we have come across all require integration with messaging systems, on-call notification tools, and ticketing solutions. A common use case is to send a message to the on-call event notifier and automatically create a ticket with all the information necessary to begin cataloging an event trail.

Violation Reporting

When a violation does occur, the first thing you’ll want to do is see which Policy is in violation. Once you find the entity causing the violation, take a look at the evidence to see what’s wrong. You’ll not only get some important metadata but you’ll see the actual entity in violation.

In this example, we want to violate an entity if it’s using an image tag of latest, or nothing at all.

As you drill down, you’ll see that we are running Jaegar’s all-in-one container without setting an image tag.

Regulation and Compliance Reports

If your teams consist of auditors and compliance experts, consider yourself in a good place. In many cases we’ve come across, that’s not the typical team composition. What we’ve discovered is that many DevOps teams believe they have a good idea of what compliance auditors are looking for, but claim they aren’t the go-to experts, especially when it comes to certain regions and business verticals. Handling personably identifiable information carries a great risk so “kinda knowing it” isn’t going to be acceptable.  

Our goals at Magalix include educating and simplifying the implementation of governance, along with industry-specific regulations, so adding it to your already exhaustive set of responsibilities isn’t another full-time job. Magalix has teamed with compliance officers and auditors to provide extensive coverage of regulation requirements using policy-as-code. Select from a number of predefined policies, reports, and views to help ease the burden of trying to gather compliance evidence when asked by an auditor.

With Magalix, achieving DevSecOps isn’t as difficult as you may have been led to believe. Interested in learning more about how to start resolving violations in minutes?

Conclusion

Staying on top of compliance isn’t hard with the right tools at your disposal. Knowing when violations occur and what causes them are all part of triaging and could be requested during a compliance audit. Magalix saves you time and effort by collecting evidence and providing verification of remediation so you confidently know your compliance posture at any time.