Category: DevSecOps

Kubesec is an open-source Kubernetes security scanner and analysis tool. It scans your Kubernetes cluster for common exploitable risks such as privileged capabilities and provides a severity score for each found vulnerability. Security risk analysis for Kubernetes resources.Take in a single YAML file as input. + One YAML can connect multiple Kubernetes resources.Kubesec is available…

Read More “[KubeSec] Security risk analysis for Kubernetes resources” »

https://www.conftest.dev/ The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. Conftest is a utility to help you write tests (statically analyze) against structured configuration data. Using Conftest you can write tests for, + Terraform code, + Kubernetes Configurations + Dockerfile or any other…

Read More “[OPA Conftest] general-purpose policy engine” »

1) Bacsic Trivy Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts. When you use –exit-code 0, you are telling Trivy to always return an exit code of 0, regardless of whether vulnerabilities are found or not. This means that even if Trivy detects vulnerabilities that match the specified severity, the…

Read More “[Trivy] Protect your application by Trivy” »

Chúng ta có 1 bài post.https://www.theregister.com/2015/01/06/dev_blunder_shows_github_crawling_with_keyslurping_bots/ Git Hooks and Talisman Introduction HandsOn – Talisman thực hiện kiểm tra hook trong code dưới laptop. Thực hiện cài đặt Talisman trên máy của bạn Bạn thấy pre-push sẽ được thê trong hook của git Bạn có thể setup scankhi commit. Khi bạn thúc hiện commit thì talisman…

Read More “[Talisman/DevSecOps] Discover the sensitive information in your code.” »