This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 60%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello all,
I am mike. We are currently working on a solution to have an active tool that helps us to check any misconfigurations, scans images for the containers. We found Trivy-operator as one of the solution becuase of it ease of use and capability to run both misconfigurations, vulnerability scanning for the cluster and pod level. On the other hand, Defender has free and also paid plans like defender for containers to perform the similar tasks. It is a little bit confusing which is the best solution that covers the best and provides us good results. Does any one worked with these before?
Have a great day ahead
Mike
Hello @Mike
Thank you for reaching out to the Microsoft Q&A platform.
It's great to hear that you are exploring different options to secure your containers. Both Trivy-operator and Microsoft Defender for Containers are great solutions for container security. Trivy-operator is an open-source tool that can be used to scan container images for vulnerabilities and misconfigurations. It is easy to use and can be run at both the cluster and pod level.
On the other hand, Microsoft Defender for Containers is a cloud-native solution that provides a comprehensive approach to container security. It offers features such as environment hardening, vulnerability assessment, and run-time threat protection for nodes and clusters. It also provides recommendations and threat alerts based on gathered data.
While both solutions have their own strengths, Microsoft Defender for Containers offers a more comprehensive approach to container security. It is also available in both free and paid plans, which can be helpful depending on your specific needs.
I hope this helps you make an informed decision. If you have any further questions or need more information, please let me know.
If I have answered your query, please click "Accept as answer" as a token of appreciation
Hello @Prrudram-MSFT ,
Thanks for your response. I still have few questions,
Thanks again for your support
Mike
Hello Mike
We noticed that you rated an answer as not helpful. We value your feedback and want to see if there is anything we can do to improve it and make this a positive experience for you.
Please Accept Answer and hit Yes for "was this answer helpful" if below answer helps
To answer your questions,
Yes, Azure Defender for Kubernetes provides image scanning, misconfiguration detection, and runtime threat analysis for your Kubernetes clusters. It can help you identify and remediate security issues in your container images and Kubernetes configurations.
Azure Defender for Kubernetes uses the open-source tool Trivy for image scanning. Trivy is a comprehensive vulnerability scanner for container images that can detect vulnerabilities in operating system packages, application dependencies, and more.
And yes, if you are already paying for Azure Defender, you can use it to protect your container workloads as well. Azure Defender for Containers provides vulnerability assessment and runtime protection for your container images and deployments. You can find more information about Azure Defender for Containers in the following link:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction
Note: Microsoft Defender for Kubernetes has been replaced with Microsoft Defender for Containers.
Thanks!
Hello @Prrudram-MSFT ,
Yes, I understand. I have still some questions. You mentioned that Azure Kubernetes only checks Cluster and Node level but not pods. So, it can check all the image scanning, misconfigurations, runtime threat analysis for only cluster and node level.
So, Azure defender will not check any security like misconfigurations , Image scanning for the pods level? Could you please confirm this? It will really helps me to take further decision.
Mike Microsoft Defender for Cloud provides real-time threat protection for your Azure Kubernetes Service (AKS) containerized environments and generates alerts for suspicious activities. Threat protection at the cluster level is provided by the analysis of the Kubernetes audit logs. Host-level threat detection for your Linux AKS nodes is available if you enable Microsoft Defender for Servers and its Log Analytics agent. However, if your cluster is deployed on an Azure Kubernetes Service virtual machine scale set, the Log Analytics agent isn't currently supported.
Regarding the pods, Microsoft Defender for Cloud does not provide security checks for individual pods. However, it does provide vulnerability assessment and management tools for images stored in Azure Container Registry and Elastic Container Registry