{"id":17001362,"url":"https://github.com/krol3/workshop-cloud-native-security","last_synced_at":"2025-07-02T21:38:02.502Z","repository":{"id":44567098,"uuid":"422324816","full_name":"krol3/workshop-cloud-native-security","owner":"krol3","description":"workshop about cloud-native security","archived":false,"fork":false,"pushed_at":"2022-04-14T14:43:41.000Z","size":5646,"stargazers_count":71,"open_issues_count":0,"forks_count":19,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-04T08:38:43.450Z","etag":null,"topics":["cloud-native","containers","kubernetes","security"],"latest_commit_sha":null,"homepage":"https://krol3.github.io/workshop-cloud-native-security/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/krol3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit-k8s.md","citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-28T19:05:39.000Z","updated_at":"2024-11-30T04:35:28.000Z","dependencies_parsed_at":"2022-09-13T21:00:16.428Z","dependency_job_id":null,"html_url":"https://github.com/krol3/workshop-cloud-native-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/krol3/workshop-cloud-native-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krol3%2Fworkshop-cloud-native-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krol3%2Fworkshop-cloud-native-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krol3%2Fworkshop-cloud-native-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krol3%2Fworkshop-cloud
-native-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/krol3","download_url":"https://codeload.github.com/krol3/workshop-cloud-native-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/krol3%2Fworkshop-cloud-native-security/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263220994,"owners_count":23432980,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","containers","kubernetes","security"],"created_at":"2024-10-14T04:24:43.713Z","updated_at":"2025-07-02T21:38:02.474Z","avatar_url":"https://github.com/krol3.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Security Cloud-Native Workshop\n\nSecurity across the development life cycle in Cloud-Native\n\n[![SDLC](https://holisticsecurity.io/assets/blog20200210/20200210-security-along-container-based-sdlc-v2.png)](https://holisticsecurity.io/2020/02/10/security-along-the-sdlc-for-cloud-native-apps/)\n\n\u003c/br\u003e\n\n# Quick Start Workshop (2-hours)\n\n\nIn this quick start hands-on workshop, you will explore the build, infrastructure and runtime in Cloud-Native.\n\n[![secure-container](https://www.redhat.com/outfit/3c814deb579d4de95d1eb7207aa9f2e4/cl-cloud-native-container-design-whitepaper_Image6_v2.png)](https://www.redhat.com/en/resources/cloud-native-container-design-whitepaper)\n\nHow could you embed security across all stages of the Software Development Life Cycle? Build, infra, and runtime will be the key points of this workshop. 
We will explore good practices for embedding security across container images, Kubernetes, infrastructure as code, and workloads, and how DevOps practices, together with tools to implement security, compliance and forensics, will help its adoption.\n\n\n## Table of Contents\n- [Prerequisites](#prerequisites)\n- [Container Threats](https://github.com/krol3/container-security-checklist#container-threat-model)\n- [Container Security Best Practices](https://github.com/krol3/container-security-checklist#container-security-checklist)\n- [Detecting Vulnerabilities](vulnerabilities.md)\n    - [Scanning Container images](./vulnerabilities.md#container-images)\n    - [Filter Log4j-CVE using OPA](./vulnerabilities.md#filter-log4j-cve-using-opa)\n    - [Scanning Filesystems](./vulnerabilities.md#scanning-filesystems)\n    - [SBOM artifact](./vulnerabilities.md#sbom-artifact)\n    - [Scanning Git Repositories](./vulnerabilities.md#scanning-git-repositories)\n    - [Binaries created by Golang](./vulnerabilities.md#binaries-created-by-golang)\n    - [CI Integration with GitHub Actions](./vulnerabilities.md#ci-integration)\n- [Detecting Misconfigurations](misconfigurations.md)\n    - [Misconfigurations in Container Images](./misconfigurations.md#misconfigurations-in-container-images)\n    - [Misconfigurations in Kubernetes](./misconfigurations.md#misconfigurations-in-kubernetes)\n    - Misconfigurations in Infra as Code\n      - [Terraform](./misconfigurations.md#terraform)\n      - [CloudFormation](./misconfigurations.md#cloudformation)\n    - [CI Integration with GitHub Actions](./misconfigurations.md#ci-integration)\n- [Security Audit in Kubernetes](audit-k8s.md)\n    - Workloads Scanning\n    - Kubernetes CIS Benchmark\n    - Kubernetes Pentesting: kube-hunter\n    - Audit Reports\n      - Polaris\n      - Conftest\n    - Integration\n      - Lens\n      - Octant\n- [Policy as Code with OPA](opa.md)\n    - Vulnerabilities\n    - container image\n    - Kubernetes\n- [Runtime 
Detection in Containers](runtime.md)\n    - Container\n    - Kubernetes installation\n    - Alerting\n- [Collaborate](#collaborate)\n\n## Prerequisites\n\nBefore you begin, you need the following software:\n\n- A stand-alone Linux virtual machine (VM)\n- A Kubernetes cluster: minikube, kind, or any Kubernetes flavor.\n    - **Minikube Installation** [here](https://minikube.sigs.k8s.io/docs/start/)\n    - **Kind Installation** [here](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)\n- Kubernetes command-line tool: **kubectl** Installation on Linux [here](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/)\n\nNote: For infrastructure scanning, a kind cluster with two nodes will be used. See [kind.yaml](kind.yaml).\n\n`kind create cluster --name k8s-local --config kind.yaml --image kindest/node:v1.20.7`\n\n## Congratulations\n\nThank you for attending the workshop. I would love your feedback, or contributions of other cases and samples with other scenarios.\n\n## Collaborate\n\nIf you find any typos, errors, or outdated resources, or if you have a different point of view, please open a pull request or contact me.\n\nPull requests and stars are always welcome 🙌\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrol3%2Fworkshop-cloud-native-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkrol3%2Fworkshop-cloud-native-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkrol3%2Fworkshop-cloud-native-security/lists"}