Announcement

Launch Week 4 is a wrap!

TL;DR? We've got you covered.

Turbot Team
4 min. read - May 17, 2024
TL;DR? We've got you covered.

Our announcements this week span the breadth of Turbot offerings:

  • Steampipe's new connection-level qualifiers

  • Detect-and-correct mods for Flowpipe

  • KSPM and Kubernetes/ServiceNow discovery in Guardrails

  • Updated Guardrails CIS AWS/Azure/GCP assessments

  • Real-time CIS remediation for AWS in Guardrails

  • GitHub integration for custom mods in Pipes

  • Local and branch-based mod installation for Powerpipe

Watch the Wrap Party

Full Week Recap

Monday May 13: Steampipe connection-level qualifiers, AWS Thrifty for Flowpipe

Steampipe now accelerates queries that involve only one of many aggregated connections. Previously a query like select count(*) from aws_sqs_queue where account_id = '767398119043', if that account is one of 10, would have to list queues in all accounts before filtering down to just those in the account mentioned in the where clause. Now, that same where clause enables Steampipe to target that one account with surgical precision. The speedup is dramatic, as is the reduction in API load. In one test, the query ran 8 times faster and fetched 96.5% fewer rows!

A new kind of detect-and-correct mod for Flowpipe, AWS Thrifty, not only finds costly mistakes like its Powerpipe sibling does, but also fixes them — automatically, or with human approval that routes through Slack, MS Teams, or email. Flowpipe's AWS Thrifty is the first of a new wave of these no-code, config-driven remediation workflows.

Tuesday May 14: Kubernetes in Guardrails

Are you familiar with CSPM (cloud security posture management)? The new KSPM features in Guardrails follow suit. You can now evaluate Kubernetes resources as changes occur, instantly assess compliance, and maintain a real-time view of your K8S security posture.

Guardrails also just made it a lot easier to discover Kubernetes resources in ServiceNow's CMDB. Each Kubernetes resource type can be configured to sync to the ServiceNow CMDB. As Kubernetes resources are added, updated, or deleted, Guardrails handles the configuration drift and keeps the ServiceNow CMDB updated.

Wednesday May 15: Guardrails real-time remediation and CIS benchmark assessments

With new auto-remediation policies, Guardrails doesn't just watch your AWS environment for deviations from the CIS v3.0.0 Benchmark, it also automatically fixes misconfiguration in real-time, so you can get to green and then stay green.

We've also upgraded Guardrails' real-time CIS assessments across the board: for AWS v3.0.0, Azure v2.0.0, and GCP v2.0.0.

Thursday May 16: Pipes/GitHub integration, local and branch-based installation of Powerpipe mods

Life just got way easier for developers of Pipes custom mods. With the new GitHub integration you can now install a mod from a private as well as a public repo, and now from branches as well as tags. Pipes then watches your repo and, when you push changes, automatically updates the mod and — magically! — refreshes live dashboards.

Mods destined for Pipes begin with local development in Powerpipe. You can now rapidly iterate on mod dependencies by installing from the local filesystem. You can also now install mods from public or private repos, using branches as well as tags.

And that's a wrap!

The announcements this week are individually exciting, but the Turbot story is bigger than the sum of its parts. Our products work together to deliver cloud security and intelligence with incomparable breadth, depth, power, speed, and versatility. And there's more to come. Enjoy the current batch of new products and features, let us know how it goes, and stay tuned for our next Launch Week in a few months!