#security (2020-04)
Archive: https://archive.sweetops.com/security/
2020-04-10
![btai avatar](https://avatars.slack-edge.com/2019-09-04/736463433650_34701761239ea7ba8207_72.jpg)
anyone running any security agents in K8s?
![Marcin Brański avatar](https://secure.gravatar.com/avatar/7f3c56304d6e3adb7658889af56cd171.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
what exactly do you mean by security agents?
![btai avatar](https://avatars.slack-edge.com/2019-09-04/736463433650_34701761239ea7ba8207_72.jpg)
@Marcin Brański general container runtime security and alerting on sudo command, kubectl exec into pods, etc.
![btai avatar](https://avatars.slack-edge.com/2019-09-04/736463433650_34701761239ea7ba8207_72.jpg)
whitelisted docker images
![Marcin Brański avatar](https://secure.gravatar.com/avatar/7f3c56304d6e3adb7658889af56cd171.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Nope, not yet. But instead of alerting on kubectl exec or sudo I would just disallow that by default.
2020-04-13
![Exequiel Barrirero avatar](https://avatars.slack-edge.com/2023-05-29/5341352413764_fb3262cc4b4be6b53bb0_72.png)
![attachment image](https://www.microsoft.com/security/blog/wp-content/uploads/2020/04/Attack-matrix-Kubernetes-banner.png)
While Kubernetes has many advantages, it also brings new security challenges.
2020-04-16
![Maciek Strömich avatar](https://secure.gravatar.com/avatar/98de12365b633b063e208220100d4594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
![attachment image](https://static.tildacdn.com/tild3038-3932-4065-a163-656631323038/main-2500-2.jpg)
Based on ultra low power STM32 MCU for daily hacking of access control systems, radio protocols. Compatible with Arduino IDE and PlatformIO.
2020-04-27
2020-04-29
![ennio.trojani avatar](https://secure.gravatar.com/avatar/6bb21b2059c8da147615e16b22581273.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-72.png)
Hi all, I’m setting up ECR Image scanning on push for some images and I was wondering if anyone has a way how I could present the results in a better way other than having them on the AWS console. For example like exporting them to an S3 bucket. I’ve found this project but I’m not sure: https://github.com/aws-samples/amazon-ecr-continuous-scan Has anyone done something similar?
Example container image re-scan with Amazon ECR.
![Steven avatar](https://secure.gravatar.com/avatar/85c27d283a537b0c5b54590f47293fe1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
It’s easy to get the scan results. They are just json. The trick is how to turn those into something visually easy to use. Haven’t seen any tools for that
![ennio.trojani avatar](https://secure.gravatar.com/avatar/6bb21b2059c8da147615e16b22581273.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-72.png)
As we use Domo for other stuff I might give it a try. I’ll upload the JSON to an S3 bucket and then query and visualise with it.
2020-04-30
![Maciek Strömich avatar](https://secure.gravatar.com/avatar/98de12365b633b063e208220100d4594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
it was a pita when I looked into ecr scan in the past and I decided to go with clair scanner running in ci pipeline after the image is built before it’s pushed to ecr
![Maciek Strömich avatar](https://secure.gravatar.com/avatar/98de12365b633b063e208220100d4594.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Run CoreOs Clair standalone (arminc/clair-local-scan on GitHub).