#security (2020-04)
Archive: https://archive.sweetops.com/security/
2020-04-10
anyone running any security agents in K8s?
what exactly do you mean by security agents?
@Marcin Brański general container runtime security and alerting on sudo command, kubectl exec into pods, etc.
whitelisted docker images
Nope, not yet. But instead of alerting on kubectl exec or sudo I would just disallow that by default.
2020-04-13
2020-04-16
2020-04-27
2020-04-29
Hi all, I’m setting up ECR Image scanning on push for some images and I was wondering if anyone has a way how I could present the results in a better way other than having them on the AWS console. For example like exporting them to a S3 bucket. I’ve found this project but I’m not sure: https://github.com/aws-samples/amazon-ecr-continuous-scan Has anyone done something similar ?
It’s easy to get the scan results. They are just json. The trick is how to turn those into something visually easy to use. Haven’t seen any tools for that
As we have use Domo for other stuff I might give it a try. I ll upload the JSON to a S3 bucket and then query and visualise with it .
2020-04-30
it was a pita when I looked into ecr scan in the past and I decided to go with clair scanner running in ci pipeline after the image is build before it’s pushed to ecr