we found that 44% of Docker image scans had known vulnerabilities, and for which there were newer and more secure base images available. Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes.
A good number of security vulnerabilities are discovered and fixed in non-official channels. We measured Snyk DB to uncover 67% more vulnerabilities than public databases. In 2018, new disclosures for npm grew by 47%, and Maven Central grew by 27%.
I’ve been pretty active in getting http://github.com/pomerium/pomerium up and working, which is a fork of buzzfeed/sso with OIDC support (not my project, but have been contributing to it since I found it).
Not sure pomerium is the full picture for zero-trust and no VPN. I particularly miss A) documentation, B) where is this covered? “device state.”
@Erik Osterman (Cloud Posse) set the channel purpose: Archive: https://archive.sweetops.com/security/
It works well!
The official stable chart has been updated to reflect that: https://github.com/helm/charts/tree/master/stable/oauth2-proxy. Not sure https://github.com/cloudposse/charts/tree/master/incubator/oauth2-proxy is still needed (it’s out of date).
because the idea of splitting the proxy part (so it can be used as a sidecar) is really nice
I’m also looking at https://ory.sh but it seems so young (oathkeeper)
finally an official fork of bitly oauth2 proxy
with fixes for OIDC support