🚀 Last but not least, in my KubeCon Highlights Part 2 video, I talked to Anaïs Urlichs about her work at Aqua Security in the open source team on #Trivy, a comprehensive cloud-native security scanner. 💡Trivy features a Kubernetes operator for integrating security scans within a cluster, allowing engineers and SREs to manage and visualize security scans through familiar observability tools easily. Trivy also can scan for vulnerabilities, configurations, exposed secrets, license issues, and RBAC configurations, emphasizing its open source nature and availability for use through GitHub, local CLI, CI/CD pipelines, and within Kubernetes clusters. ➡️ Learn more about Trivy in the full interview on YouTube: https://lnkd.in/gWFR6eNx #opensource #cloudnativesecurity #cncf #kubecon #kubernetessecurity
Is It Observable’s Post
Day 21 of #cybertechdave100daysofcyberchallenge Course: OWASP Top 10 for Docker Containers and Kubernetes Security | Chapter 6: Inadequate Process Isolation. Today, I completed the 'Inadequate Process Isolation' chapter on EC-Council. Upon completion, I've learnt that: - Inadequate process isolation is when processes running inside different containers can potentially interact with each other, so that a compromise of one container can potentially compromise the entire system 🛡 By implementing process isolation through namespace isolation and cgroups, one can prevent cross-container compromise. Better Never Rests 🤝 #cybertechdave100daysofcyberchallenge #eccouncil
AWS Community Builder ☁ | DevOps Engineer | AWS Solution Architect | RHCSA | AWS DevOps | Cloud Engineer | | Linux Administrator
🔒 Excited to share my latest blog post on enhancing code repository security! In this article, I delve into the significance of TruffleHog in identifying vulnerabilities within code repositories, shedding light on its ability to uncover sensitive information like passwords and encryption keys mistakenly included in the code. Whether it's public or private repositories, TruffleHog proves to be an indispensable tool in safeguarding against potential breaches. Check out the full blog here for insights on harnessing TruffleHog's capabilities: https://lnkd.in/dPESqsBw #cybersecurity #devsecops #git #devops #trufflehog #codesecurity #techsecurity #github #opensource
KubeHound: Identifying attack paths in Kubernetes clusters #kubehound #datadog #opensource #kubernetescluster #containersecurity #attackpath https://lnkd.in/eiHPJJPj
KubeHound: Identifying attack paths in Kubernetes clusters | Datadog Security Labs
securitylabs.datadoghq.com
First great speaker of today’s meetup! Amit Sharma on a topic that is an extremely important application security testing capability: DAST
- What is DAST?
- Why DAST? What are the advantages of DAST?
- Is DAST the silver bullet? What are the limitations of DAST?
- How and when to integrate in your development lifecycle?
All these questions and much more were answered during the meetup! Interested in the recording? This will be released soon! Follow us on LinkedIn and Meetup.com. Next event is in Nijmegen, with other great DevSecOps topics!! OWASP Netherlands Chapter #devsecops #appsec #dast #owasp #meetups #opensource #cloudsecurity
I just saw Docker Scout, which scans your docker repo for vulnerabilities. Here's a link to check out Docker Scout https://lnkd.in/eRX_-UNp ➡ The Docker Scout free plan gives you unlimited local image analysis and up to 3 remote repositories. ⬅ I used to run the below to scan my repos:
docker run --rm --volume /var/run/docker.sock:/var/run/docker.sock --name Grype anchore/grype:latest httpd:latest >> SECOUT.txt
The report will in this example be in the file SECOUT.txt - which has a whopping 32 Critical and High vulnerabilities with 3 in the main binary itself - httpd. I am for sure now switching to Docker Scout. Test the containers you use for vulnerabilities - it's free! Huge thanks 🙏 to Christian Dupuis Katharine (Kat) Yi 🖖🏻 and all in the 🐳 team that bring this very much needed feature. #security #vulnerabilitymanagement #docker
GitLab’s DevSecOps recently switched from Grype to Trivy for container vulnerability scanning. The key question is: where is the best place to scan images for vulnerabilities, and where should these vulnerability reports be stored?
1. During CI/CD at the build stage
2. At runtime in the Kubernetes cluster
3. In registries
My perspective is to treat Docker images as assets and associate them with code repositories. Every asset should belong to a code repository, and the scanning report should be included as part of the SAST reports generated for that codebase. #devsecops #security #devsecops_bot #sast #codesecurity #code #staticanalysis #llm
VAPT | CEH V12 (Masters) | CSA | CHFI | Security Analyst | Penetration Tester | Soc Analyst | Cyber Forensic | top 4% in tryhackme
DAY 17/100 COMPLETED #tryhackme room Intro to Containerisation. By the end of the room, we will learn about:
- The basic syntax to get us started with Docker
- Running and deploying our first container
- Understanding how Docker containers are distributed using images
- Creating our own image using a Dockerfile
- How Dockerfiles are used to build containers, using Docker Compose to orchestrate multiple containers
- Applying the knowledge gained from the room into the practical element at the end
#100daysofcybersecurity #100dayschallenge #100daysoflearning #cybersecuritytraining https://lnkd.in/gHAqYZc9
#NewsFlash GitHub has announced that its code scanning autofix feature, powered by #GitHub Copilot and #CodeQL, is now available in public beta for all GitHub Advanced Security customers. The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning, with developers requiring minimal editing. Check out the details in the comments.
Cybersecurity Analyst | SOC | Bytewise Fellow | CTFs | Linux | Networking | Vulnerability Assessment | Penetration Testing | TryHackMe
Here is how I exploit Kioptrix VM Apache and Samba port vulnerabilities: https://lnkd.in/dhnGi3BP These two solo labs are part of the Bytewise Limited #cybersecurity #fellowship. #100daysofcode #Bytewise #100daysofbytewise #100daysofcybersecurity
GitHub - atharimran728/Kioptrix-Exploits: This repository consists of some labs exploiting vulnerabilities of Kioptrix VM. All these labs are part of Bytewise Fellowship.
github.com
Kubernetes - are you secure? Are you sure? If not, this workshop taught by Jacob Beasley should change that. He'll walk you through securing a Kubernetes cluster using open-source Kubernetes security tools such as kube-bench, kubesec, kube-hunter, trivy, and project falco. It may sound like a lot, but he'll simplify it and you'll walk away with a clear understanding and an action plan to make your K8s implementation more secure. https://lnkd.in/gpiHuxRT #mndevconf #kubernetes #kubernetescluster #kubernetessecurity #softwaredeveloper #softwaredevelopers #developerconference #conference2023