Deploying Kong DB less and Konga via Ready to Use Yaml files

Posted on By nim No Comments on Deploying Kong DB less and Konga via Ready to Use Yaml files
Deploying Kong DB less and Konga via Ready to Use Yaml files

refer to: https://medium.com/@nikhil.nagarajappa/deploying-kong-db-less-and-konga-via-raedy-to-use-yaml-files-38dce989674d What is kong? Kong is a popular open-source API gateway and microservices management layer. It acts as an intermediary between clients and backend services by providing a unified entry point for all API traffic. Kong is designed to handle API traffic at scale and provides features such as load balancing, authentication, rate…

Read More “Deploying Kong DB less and Konga via Ready to Use Yaml files” »

Kubernetes

[EKS/Pods] Why can not the pod on EKS call http://169.254.169.254/latest/api/token

Posted on By nim No Comments on [EKS/Pods] Why can not the pod on EKS call http://169.254.169.254/latest/api/token
[EKS/Pods] Why can not the pod on EKS call http://169.254.169.254/latest/api/token

Sau khi mày mò 1 thứ trên argo workflow mình phát hiện là.Nếu pod muốn lấy tocken của EC2 (Con node mà đang chưa pod đó) thì nó sẽ call vào http://169.254.169.254/latest/api/token. NHưng thường sẽ bị timout. Vậy thì chúng ta increase the max allowed hops to 2 Bạn tưởng tượng là nếu node gọi…

Read More “[EKS/Pods] Why can not the pod on EKS call http://169.254.169.254/latest/api/token” »

AWS - Amazon Web Service

[Snyk] Scan your code quickly to prevent attack form Hackers.

Posted on By nim No Comments on [Snyk] Scan your code quickly to prevent attack form Hackers.
[Snyk] Scan your code quickly to prevent attack form Hackers.

Find and automatically fix vulnerabilities in your code, open source dependencies, containers, and infrastructure as code — all powered by Snyk’s industry-leading security intelligence. Hiện tại bạn có thể sài gói free khá hời, cho mục đích cá nhân. Hiện tại thì Synk integrate với khá nhiều products. Bạn thực hiện add repo trên github…

Read More “[Snyk] Scan your code quickly to prevent attack form Hackers.” »

DevSecOps

[Falco] Detect and watch all commands in your Kubernetes cluster

Posted on By nim No Comments on [Falco] Detect and watch all commands in your Kubernetes cluster
[Falco] Detect and watch all commands in your Kubernetes cluster

Falco, the open-source cloud-native runtime security project. Falco detects unexpected application behavior and alerts on threats at runtime. It has complete container visibility through a single sensor that allows us to gain insight into application and container behavior. Falco is based on rules that will trigger alerts when conditions are met, for example Falco is…

Read More “[Falco] Detect and watch all commands in your Kubernetes cluster” »

DevSecOps

[Kubernetes Operations and Security] CIS Benchmarking and Kube-bench – Follow the best practice security recommendations for your Kubernetes.

Posted on By nim No Comments on [Kubernetes Operations and Security] CIS Benchmarking and Kube-bench – Follow the best practice security recommendations for your Kubernetes.
[Kubernetes Operations and Security] CIS Benchmarking and Kube-bench – Follow the best practice security recommendations for your Kubernetes.

1) CIS Benchmarking Configuration guidelines for various technology groups to safeguard systems against today’s evolving cyber threats The Center for Internet Security (CIS) releases benchmarks for best practice security recommendations. 2) Kube-bench kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Run…

Read More “[Kubernetes Operations and Security] CIS Benchmarking and Kube-bench – Follow the best practice security recommendations for your Kubernetes.” »

DevSecOps

[DAST] OWASP ZAP – Understand about Dynamic Application Security Testing

Posted on By nim No Comments on [DAST] OWASP ZAP – Understand about Dynamic Application Security Testing
[DAST] OWASP ZAP – Understand about Dynamic Application Security Testing

Dynamic Application Security Testing DAST looks for security vulnerabilities by simulating external attacks on an application while the application is running. DAST test is performed in a dynamic environment. SAST scans an application’s code line by line when the application is at rest. (SonarQube)DAST has no access to an application’s source code, it detects security…

Read More “[DAST] OWASP ZAP – Understand about Dynamic Application Security Testing” »

DevSecOps

[KubeSec] Security risk analysis for Kubernetes resources

Posted on By nim No Comments on [KubeSec] Security risk analysis for Kubernetes resources
[KubeSec] Security risk analysis for Kubernetes resources

Kubesec is an open-source Kubernetes security scanner and analysis tool. It scans your Kubernetes cluster for common exploitable risks such as privileged capabilities and provides a severity score for each found vulnerability. Security risk analysis for Kubernetes resources.Take in a single YAML file as input. + One YAML can connect multiple Kubernetes resources.Kubesec is available…

Read More “[KubeSec] Security risk analysis for Kubernetes resources” »

DevSecOps

[OPA Conftest] general-purpose policy engine

Posted on By nim No Comments on [OPA Conftest] general-purpose policy engine
[OPA Conftest] general-purpose policy engine

https://www.conftest.dev/ The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. Conftest is a utility to help you write tests (statically analyze) against structured configuration data. Using Conftest you can write tests for, + Terraform code, + Kubernetes Configurations + Dockerfile or any other…

Read More “[OPA Conftest] general-purpose policy engine” »

DevSecOps