{"id":20551639,"url":"https://github.com/do-community/k8s-iac-security-workshop","last_synced_at":"2026-03-19T16:21:55.171Z","repository":{"id":90798091,"uuid":"412592764","full_name":"do-community/k8s-iac-security-workshop","owner":"do-community","description":null,"archived":false,"fork":false,"pushed_at":"2021-10-07T14:40:51.000Z","size":42,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-01-16T17:00:54.860Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Mustache","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/do-community.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-01T19:22:25.000Z","updated_at":"2023-02-07T22:01:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"959423d9-b830-4088-ba6f-bd95864abba7","html_url":"https://github.com/do-community/k8s-iac-security-workshop","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-community%2Fk8s-iac-security-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-community%2Fk8s-iac-security-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-community%2Fk8s-iac-security-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-community%2Fk8s-iac-security-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/do-community","download_url":"https://codeload.github.com/do-community/k8s-iac-security-workshop/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242157191,"owners_count":20081037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T02:32:52.812Z","updated_at":"2026-03-10T13:02:10.407Z","avatar_url":"https://github.com/do-community.png","language":"Mustache","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes Infrastructure as Code Gamified \n\nThis workshop was first run at [SnykCon 2021](https://snyk.io/snykcon/). \n\n## Instructions \n1. By yourself or in a small group, spend at least 25 minutes looking through the files in this repository and try to identify at least 7 security vulnerabilities. \n\nThere are three directories: \n- A terraform directory that sets up a Kubernetes cluster using DigitalOcean Kubernetes\n- A helm directory that has files for setting up ingress-nginx\n- An api-deployment directory that has yaml manifests to deploy an example api written in Go. \n\nHint: \n- 2 high-severity security vulnerabilities\n- 5 medium-severity security vulnerabilities\n\nIf you have no idea where to start looking, it’s okay! Pick an article from the resources section, read through it and try to find one issue to look for.\n\n2. After looking through the repo, fork this into your github account, sign up for [Snyk](https://snyk.io/product/infrastructure-as-code-security/) and run this repo the IAC scanner. Make changes to fix the issues and then run the scan again. Celebrate when you have fixed the 7 vulnerabilities! \n\n### Resources \n- [OWASP Kubernetes Security Checklist](https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html)\n- [NSA Kubernetes Hardening Guidance](https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF) \n- [Snyk Kubernetes Security | Issues and Best Practices](https://snyk.io/learn/kubernetes-security/)\n- [Top 10 Kubernetes Application Security Hardening Techniques](https://blog.aquasec.com/kubernetes-hardening-techniques)\n- [Overview of Cloud Native Security](https://kubernetes.io/docs/concepts/security/overview/)\n- [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdo-community%2Fk8s-iac-security-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdo-community%2Fk8s-iac-security-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdo-community%2Fk8s-iac-security-workshop/lists"}