Kubernetes
Secure Containers for Every Kubernetes Cluster
ActiveState delivers low-to-no CVE container images that deploy into your Kubernetes clusters through the same pull and orchestration workflows you use today.
.webp)
How it works
Pull ActiveState container images from your private registry into your Kubernetes deployments. Images work with any OCI-compatible registry and any Kubernetes distribution, from managed services like EKS, GKE, and AKS to self-hosted clusters.
What ActiveState adds to Kubernetes
Minimal base images with fewer CVEs
ActiveState images start with a smaller attack surface. Fewer packages means fewer vulnerabilities, less scanner noise, and faster security reviews before deployment.
Nightly rebuilds, SLA-backed remediation
Images are rebuilt regularly and remediated within SLA timelines: 5 business days for critical CVEs, 10 for highs. Your pod specs stay the same while the images underneath get more secure.
Full SBOM and provenance per image
Every image includes a complete SBOM and build provenance. Policy engines like OPA Gatekeeper and Kyverno can enforce provenance requirements at the admission controller level.
FAQs
Does ActiveState work with my Kubernetes distribution?
Yes. ActiveState delivers standard OCI container images compatible with EKS, GKE, AKS, OpenShift, Rancher, and self-hosted Kubernetes clusters.
Can I customize ActiveState container images?
Yes. Start with an ActiveState base image and add packages from the Curated Catalog to build images tailored to your application. All customizations inherit the same build provenance and remediation SLAs.
Still have questions?
Talk to our team.
Deploy Secure Containers to Kubernetes
Talk to our team about integrating ActiveState container images into your Kubernetes clusters.
%20(1).webp)