StackRox architecture

Discover the StackRox Kubernetes Security Platform architecture and concepts.


The StackRox Kubernetes Security Platform installs as a set of pods in your Kubernetes or OpenShift cluster and includes the following components:

Central: Gathers and displays information from other components. 1 for multiple clusters.
Sensor: Collects and augments data from the Collector. 1 for each cluster.
Scanner: Scans images for vulnerabilities. 1 for multiple clusters.
Collector: Collects and monitors container activities. 1 on each node.
Admission controller (optional): Interacts with Kubernetes API server and prevents creating workloads that don’t adhere to security policies. 1 for each cluster.


Central

The main component of the StackRox Kubernetes Security Platform is called Central, and it’s installed as a Kubernetes deployment. Central handles data persistence, API interactions, and UI access. You can use the same Central instance to secure multiple Kubernetes clusters.


Sensor

The StackRox Kubernetes Security Platform uses the Sensor component to monitor Kubernetes and OpenShift clusters. It handles interactions with the Kubernetes API for policy detection and enforcement, and coordinates with Collector.


Scanner

The StackRox Kubernetes Security Platform includes an image vulnerability scanning component called Scanner. It analyzes all image layers to check for known vulnerabilities from the Common Vulnerabilities and Exposures (CVEs) list. Scanner also identifies vulnerabilities in packages installed by package managers and in language-level dependencies.

For more details, see the Examine images topic.

Scanner only scans images that aren’t already scanned by other integrated vulnerability scanners. This means that if you’ve integrated the StackRox Kubernetes Security Platform with other vulnerability scanners, Scanner checks for scanning results from the integrated scanner and uses them if available.


Collector

Collector collects and monitors information about container runtime and network activity. It then provides the collected information to Sensor.

Admission controller

The admission controller prevents users from creating workloads that violate security policies in the StackRox Kubernetes Security Platform.



© 2021 StackRox Inc. All rights reserved.