Cloud-native CI/CD pipelines and build processes often expose Kubernetes to attack vectors via internet-sourced container images. Despite scanning, these container images can still be susceptible to supply chain attacks if not properly verified. Ensuring immutability, coupled with thorough scanning and strict verification, is crucial for any container entering Kubernetes clusters. This is particularly vital for securing observability solutions like Dynatrace® Kubernetes infrastructure observability, application observability, and Application Security.
The Dynatrace Operator is responsible for the secure lifecycle of components necessary for Kubernetes cluster monitoring. Dynatrace Operator ensures secure download and rollout of components via protected connections to the Dynatrace platform. Introducing Cosign-signed immutable images, Dynatrace further empowers you to independently verify images, maintaining observability free from supply chain attacks.
The benefits of independently verifiable container images begin, but do not end, with enhanced security.
Security: Signing and immutability of container images significantly reduce the risk of security breaches, ensuring that only verified, tamper-proof observability tools are deployed.
Compliance: Adhering to stringent security standards helps meet regulatory and compliance requirements for cloud-native environments.
Reliability: Immutable images guarantee consistent performance and behavior, enhancing stability.