anyone running any security agents in K8s?
what exactly do you mean by security agents?
@Marcin Brański general container runtime security and alerting on sudo command, kubectl exec into pods, etc.
whitelisted docker images
Nope, not yet. But instead of alerting on kubectl exec or sudo I would just disallow that by default.
While Kubernetes has many advantages, it also brings new security challenges.
Based on ultra low power STM32 MCU for daily hacking of access control systems, radio protocols. Compatible with Arduino IDE and PlatformIO.
Hi all, I’m setting up ECR Image scanning on push for some images and I was wondering if anyone has a way I could present the results in a better way other than having them on the AWS console. For example, exporting them to an S3 bucket. I’ve found this project but I’m not sure: https://github.com/aws-samples/amazon-ecr-continuous-scan Has anyone done something similar?
It’s easy to get the scan results. They are just JSON. The trick is how to turn those into something visually easy to use. Haven’t seen any tools for that.
As we have used Domo for other stuff I might give it a try. I’ll upload the JSON to an S3 bucket and then query and visualise with it.
It was a pita when I looked into ECR scan in the past and I decided to go with clair scanner running in CI pipeline after the image is built, before it’s pushed to ECR.
Run CoreOs Clair standalone. Contribute to arminc/clair-local-scan development by creating an account on GitHub.