Nutanix Kubernetes Platform integrates RapidFort’s automated software supply chain security to reduce container attack surfaces and close the gap between development speed and compliance.
For years, the relationship between development velocity and security has been adversarial by design. Developers push for speed; security teams push back with patch cycles, vulnerability audits, and compliance checklists. In Kubernetes environments, where containerised workloads multiply rapidly and software supply chains stretch across dozens of upstream dependencies, that tension is magnified. A single unpatched image can expose an entire cluster.
It is against this backdrop that Nutanix has announced a technical partnership with RapidFort, integrating the company’s automated supply chain security tooling directly into the Nutanix Kubernetes Platform (NKP). The announcement was made at KubeCon Amsterdam in March 2026, positioning the integration as an architectural response to one of the persistent pain points in cloud-native infrastructure: the gap between how fast organisations want to ship software and how rigorously they can secure it.
The Problem the Integration Is Solving
NKP is built to give platform teams a consistent operating model for Kubernetes across data centres, edge locations, and public cloud environments. What it has not historically included is a native mechanism for assessing or reducing the vulnerability footprint of the container images running on top of it.
That gap matters because the dominant model for vulnerability management in container ecosystems remains reactive. Teams receive CVE (Common Vulnerabilities and Exposures) reports, triage findings, apply patches, and redeploy. In practice, the cycle is slow. According to industry data, the median time to remediate a known container vulnerability runs to weeks, not hours. During that window, exposed components remain in production.
RapidFort’s approach reframes the problem. Rather than treating vulnerability remediation as a post-deployment activity, the platform analyses container images to identify which packages and libraries are actually invoked at runtime. Everything else — the unused code that nevertheless carries CVEs — is stripped from the image before it is deployed. The result is what RapidFort calls a ‘functional minimum’ image: a container that contains only what it needs to operate.
What the NKP Integration Delivers
Within NKP, the integration surfaces in several concrete ways. Platform teams gain access to RapidFort’s catalogue of hardened, ‘near-zero CVE’ base images. These are pre-optimised container images from which unnecessary packages have already been removed. For organisations that build their application images on top of standard upstream bases, this represents a measurable reduction in inherited vulnerability exposure from the ground up.
Beyond image hardening, the integration adds automated remediation capabilities to NKP’s existing policy framework. NKP already provides policy-driven guardrails for cluster governance; the RapidFort layer extends those controls to the software composition level. Vulnerability identification and package removal can be automated as part of the pipeline, reducing the manual effort currently absorbed by security and platform engineering teams.
The integration also addresses provenance. Across hybrid and edge deployments — environments where NKP is frequently used — maintaining a consistent and verifiable record of what is running in each cluster has been a challenge. RapidFort provides cryptographic proof of provenance for libraries within each image. For organisations operating under regulatory requirements or internal compliance standards, this audit trail has tangible value.
The Wider Context: AI Workloads and Supply Chain Risk
The timing of the announcement reflects a broader shift in enterprise infrastructure priorities. As organisations accelerate investment in AI and machine learning workloads, the container images underpinning those workloads have grown in complexity. Large language model inference pipelines, GPU-accelerated training containers, and the various orchestration layers above them introduce new categories of dependency — and new categories of supply chain risk.
In that environment, the question of what is actually running inside a container has become more difficult to answer and more consequential to get wrong. A vulnerability in a low-level numerical library that happens to be bundled with a machine learning framework may not be immediately visible in a standard vulnerability scan, but it remains exploitable.
The RapidFort integration is positioned as a response to precisely that class of risk: not the obvious, well-documented CVEs that security teams have learned to track, but the residual exposure embedded in packages that were never intentionally included and are never actively used.
Deployment Practicalities
For NKP customers, the integration is designed to operate within existing workflows rather than requiring separate tooling or a parallel security pipeline. The hardened images are available through NKP’s catalogue; the automated remediation capabilities hook into NKP’s policy engine. The intent is that teams do not need to choose between moving quickly and maintaining a defensible security posture — the two become, at least in principle, concurrent.
Whether that promise holds in practice will depend on the specific configuration and scale of each deployment. Organisations with highly customised application images, or those running workloads with unusual runtime dependencies, will need to validate that the functional minimum images meet their operational requirements. The cryptographic provenance chain also introduces additional pipeline steps that may require changes to existing CI/CD tooling.
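The validation step described above can be sketched in a few lines. This is an added illustration, not RapidFort's or Nutanix's code: a simplified model that keeps only packages touched at runtime (plus their dependencies) and then checks a profiling trace against a production trace. The package table, file paths, CVE counts, traces and function names are all constructed for the example.

```python
# Simplified model of runtime-based image minimisation. All data is constructed.
# PACKAGES maps a package to the files it owns, its dependencies and open CVEs.
PACKAGES = {
    "libc":      {"files": {"/lib/libc.so.6"}, "deps": set(), "cves": 0},
    "openssl":   {"files": {"/usr/lib/libssl.so.3"}, "deps": {"libc"}, "cves": 1},
    "python3":   {"files": {"/usr/bin/python3"}, "deps": {"libc", "openssl"}, "cves": 0},
    "numlib":    {"files": {"/usr/lib/libnum.so"}, "deps": {"libc"}, "cves": 2},
    "curl":      {"files": {"/usr/bin/curl"}, "deps": {"openssl"}, "cves": 3},
    "imagetool": {"files": {"/usr/bin/imagetool"}, "deps": {"libc"}, "cves": 4},
}

def keep_set(accessed_files):
    """Packages owning an accessed file, plus their transitive dependencies."""
    keep = {p for p, meta in PACKAGES.items() if meta["files"] & accessed_files}
    stack = list(keep)
    while stack:
        for dep in PACKAGES[stack.pop()]["deps"]:
            if dep not in keep:
                keep.add(dep)
                stack.append(dep)
    return keep

def minimise(accessed_files):
    """Return (kept packages, removed packages, CVEs eliminated by removal)."""
    kept = keep_set(accessed_files)
    removed = set(PACKAGES) - kept
    return kept, removed, sum(PACKAGES[p]["cves"] for p in removed)

def coverage_gaps(profile_trace, production_trace):
    """Packages stripped on the basis of the profile that production still needs."""
    _, removed, _ = minimise(profile_trace)
    return sorted(removed & keep_set(production_trace))

# Files seen while profiling the workload, and files seen later in production,
# where a rarely used code path calls an extra binary (both traces constructed).
PROFILE_TRACE = {"/usr/bin/python3", "/usr/lib/libnum.so"}
PRODUCTION_TRACE = PROFILE_TRACE | {"/usr/bin/imagetool"}

if __name__ == "__main__":
    kept, removed, eliminated = minimise(PROFILE_TRACE)
    print("kept:", sorted(kept))
    print("removed:", sorted(removed), "CVEs eliminated:", eliminated)
    print("stripped but needed:", coverage_gaps(PROFILE_TRACE, PRODUCTION_TRACE))
```

In this model the CVEs in packages that are genuinely used (or pulled in as dependencies) stay in the image, and a code path the profile never exercised shows up as a stripped-but-needed package, which is the case the validation step exists to catch.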
Nevertheless, the architectural direction is clear. Container security that relies on post-deployment patching and manual CVE triage is increasingly untenable at scale. Automated attack surface reduction, built into the platform rather than bolted on afterward, is the direction the industry is moving. The NKP-RapidFort integration is a concrete implementation of that direction, available now to production deployments.

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de