#security (2019-02)

Archive: https://archive.sweetops.com/security/

2019-02-27

Maciek Strömich
Top ten most popular docker images each contain at least 30 vulnerabilities | Snyk

we found that 44% of docker image scans had known vulnerabilities, and for which there were newer and more secure base images available. Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes.

Maciek Strömich
88% increase in application library vulnerabilities over two years | Snyk

A good number of security vulnerabilities are discovered and fixed in non-official channels. We measured Snyk DB to uncover 67% more vulnerabilities than public databases. In 2018, new disclosures for npm grew by 47%, and Maven Central grew by 27%

2019-02-18

mbarrien

I’ve been pretty active in getting http://github.com/pomerium/pomerium up and working, which is a fork of buzzfeed/sso with OIDC support (not my project, but have been contributing to it since I found it).

pomerium/pomerium

Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.

antonbabenko

This is awesome! I’ve been looking for such a tool because I don’t want to deal with VPN.


pecigonzalo

Not sure pomerium is the full picture for zero-trust and no VPN. I particularly miss A) documentation, and B) where is “device state” covered?

2019-02-14

Erik Osterman (Cloud Posse)
05:22:29 AM

@Erik Osterman (Cloud Posse) set the channel purpose: Archive: https://archive.sweetops.com/security/

2019-02-13

zadkiel.aharonian

It works well!

zadkiel.aharonian

the official stable chart has been updated to reflect that: https://github.com/helm/charts/tree/master/stable/oauth2-proxy. Not sure https://github.com/cloudposse/charts/tree/master/incubator/oauth2-proxy is still needed (it’s out of date).

helm/charts

Curated applications for Kubernetes. Contribute to helm/charts development by creating an account on GitHub.

cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

pecigonzalo

It’s a shame that buzzfeed/sso is so poorly documented

Erik Osterman (Cloud Posse)

and doesn’t support OIDC, WebSockets or half the jazz of bitly’s proxy

pecigonzalo

There is that as well

pecigonzalo

because the idea of splitting the proxy part (so it can be used as sidecar) is really nice

pecigonzalo

I’m also looking at https://ory.sh but it seems so young (oathkeeper)

ORY - Open Source OAuth2 and OpenID Connect Access Control & API Security

Implement OAuth 2.0 and OpenID Connect in minutes with open source from ORY. Works in both new and existing systems.

2019-02-12

Erik Osterman (Cloud Posse)

finally an official fork of bitly oauth2 proxy

Erik Osterman (Cloud Posse)
pusher/oauth2_proxy

A reverse proxy that provides authentication with Google, Github or other provider - pusher/oauth2_proxy

Erik Osterman (Cloud Posse)

with fixes for OIDC support
