#security (2019-02)

Archive: https://archive.sweetops.com/security/

2019-02-12

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:21:47 AM

finally an official fork of bitly oauth2 proxy

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:21:48 AM

https://github.com/pusher/oauth2_proxy

pusher/oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider - pusher/oauth2_proxy

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:22:02 AM

with fixes for OIDC support

2019-02-13

zadkiel avatar
zadkiel
11:30:56 AM

It works well!

zadkiel avatar
zadkiel
11:37:59 AM

the official stable chart has been updated to reflect that: https://github.com/helm/charts/tree/master/stable/oauth2-proxy not sure https://github.com/cloudposse/charts/tree/master/incubator/oauth2-proxy is still needed (it’s out of date)

helm/charts

Curated applications for Kubernetes. Contribute to helm/charts development by creating an account on GitHub.

cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

pecigonzalo avatar
pecigonzalo
02:19:15 PM

Its a shame that buzzfeed/sso is so poorly documented

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:47:08 PM

and doesn’t support OIDC, WebSockets or half the jazz of bitly’s proxy

pecigonzalo avatar
pecigonzalo
10:09:41 AM

There is that as well

pecigonzalo avatar
pecigonzalo
02:19:30 PM

because the idea of splitting the proxy part (so it can be used as sidecar) is really nice

pecigonzalo avatar
pecigonzalo
02:19:48 PM

Im also looking at https://ory.sh but seems so young (oathkeeper)

ORY - Open Source OAuth2 and OpenID Connect Access Control & API Security

Implement OAuth 2.0 and OpenID Connect in minutes with open source from ORY. Works in both new and existing systems.

2019-02-14

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
05:22:29 AM

set the channel description: Archive: https://archive.sweetops.com/security/

2019-02-18

mbarrien avatar
mbarrien
06:14:56 PM

I’ve been pretty active in getting http://github.com/pomerium/pomerium up and working, which is a fork of buzzfeed/sso with OIDC support (not my project, but have been contributing to it since I found it).

pomerium/pomerium

Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.

2
antonbabenko avatar
antonbabenko
06:28:14 PM

This is awesome! I’ve been looking for such tool because I don’t want to deal with VPN.

pomerium/pomerium

Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.

pecigonzalo avatar
pecigonzalo
10:47:52 AM

Not sure pomerium is the full picture for zero-trust and no vpn. I particularly miss A) documentation B) where is this covered? “device state.”

2019-02-27

Maciek Strömich avatar
Maciek Strömich
08:52:01 AM

https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/

Top ten most popular docker images each contain at least 30 vulnerabilities | Snykattachment image

we found that 44% of docker image scans had known vulnerabilities, and for which there were newer and more secure base image available. Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes.

Maciek Strömich avatar
Maciek Strömich
08:52:10 AM

and https://snyk.io/blog/88-increase-in-application-library-vulnerabilities-over-two-years/

88% increase in application library vulnerabilities over two years | Snykattachment image

A good number of security vulnerabilities are discovered and fixed in non-official channels. We measured Snyk DB to uncover 67% more vulnerabilities than public databases. In 2018, new disclosures for npm grew by 47%, and Maven Central grew by 27%

    keyboard_arrow_up