This topic describes the architecture and features of security-inspector. The security-inspector component is the key component for implementing security inspection.

Architecture

The following figure shows the architecture of security-inspector.

[Figure: security-inspector architecture]

Inspection features

security-inspector provides the following inspection features.

  • The security-inspector component uses Polaris to implement security inspection. This allows you to detect security risks of workload configurations in a Kubernetes cluster in real time.
    Note: Polaris is an open-source project that is used to identify security risks of workload configurations in a Kubernetes cluster. For more information, see Polaris.
  • The security-inspector component scans workload configurations across six areas: health checks, image policies, network configurations, resources, security capabilities, and security configurations. This allows you to check in real time whether security risks exist in applications. Solutions are also provided to help you deal with the security risks. For more information, see Use the Inspection component to check security risks of the workloads in an ACK cluster.
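To make the six inspection areas concrete, the following added example (not code from security-inspector or Polaris) runs simplified checks over a constructed pod spec. The finding names are modelled on Polaris check names; the rules, the `inspect_pod_spec` function and the sample spec are assumptions for illustration, and only container-level `securityContext` is evaluated.

```python
# Added illustration, not security-inspector or Polaris source code.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN"}

def inspect_pod_spec(spec):
    """Return sorted (category, finding, container) tuples for a pod spec dict."""
    out = []
    if spec.get("hostNetwork"):
        out.append(("network", "hostNetworkSet", "(pod)"))
    for c in spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        def add(category, finding):
            out.append((category, finding, name))
        for probe in ("livenessProbe", "readinessProbe"):       # health checks
            if probe not in c:
                add("health-checks", probe + "Missing")
        image = c.get("image", "")                               # image policy
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            add("images", "tagNotSpecified")
        if any("hostPort" in p for p in c.get("ports", [])):    # network
            add("network", "hostPortSet")
        limits = (c.get("resources") or {}).get("limits") or {}  # resources
        for res in ("cpu", "memory"):
            if res not in limits:
                add("resources", res + "LimitsMissing")
        caps = set((sc.get("capabilities") or {}).get("add") or [])
        if caps & DANGEROUS_CAPS:                                # capabilities
            add("security-capabilities", "dangerousCapabilities")
        if sc.get("privileged"):                                 # security config
            add("security", "runAsPrivileged")
        if sc.get("allowPrivilegeEscalation") is not False:
            add("security", "privilegeEscalationAllowed")
        if sc.get("readOnlyRootFilesystem") is not True:
            add("security", "notReadOnlyRootFilesystem")
        if sc.get("runAsNonRoot") is not True:
            add("security", "runAsRootAllowed")
    return sorted(out)

# Constructed sample: one risky container ("web"), one hardened container ("api").
SAMPLE_SPEC = {"hostNetwork": True, "containers": [
    {"name": "web", "image": "registry.example.com:5000/web",
     "ports": [{"containerPort": 80, "hostPort": 80}],
     "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}}},
    {"name": "api", "image": "registry.example.com/api:1.4.2",
     "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
     "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
     "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
     "securityContext": {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
                         "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}},
]}

if __name__ == "__main__":
    for category, finding, container in inspect_pod_spec(SAMPLE_SPEC):
        print(f"{category:22} {finding:28} {container}")
```

The image check treats a registry port (`registry.example.com:5000/web`) as distinct from a tag, so an untagged image behind a port-qualified registry is still reported.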