https://github.com/krol3/workshop-cloud-native-security
workshop about cloud-native security
- Host: GitHub
- URL: https://github.com/krol3/workshop-cloud-native-security
- Owner: krol3
- License: apache-2.0
- Created: 2021-10-28T19:05:39.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2022-04-14T14:43:41.000Z (about 4 years ago)
- Last Synced: 2025-04-04T08:38:43.450Z (about 1 year ago)
- Topics: cloud-native, containers, kubernetes, security
- Language: HTML
- Homepage: https://krol3.github.io/workshop-cloud-native-security/
- Size: 5.38 MB
- Stars: 71
- Watchers: 1
- Forks: 19
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Audit: audit-k8s.md
README
# Security Cloud-Native Workshop
Security across Development life cycle in Cloud-Native
# Quick Start Workshop (2-hours)
In this quick start hands-on workshop, you will explore the build, infrastructure and runtime in Cloud-Native.
How can you embed security across all stages of the Software Development Life Cycle? Build, infrastructure, and runtime are the key points of this workshop. We will explore good practices for embedding security in container images, Kubernetes, infrastructure as code, and workloads, and how DevOps practices help its adoption, together with tools to implement security, compliance, and forensics.
## Table of Contents
- [Prerequisites](#prerequisites)
- [Container Threats](https://github.com/krol3/container-security-checklist#container-threat-model)
- [Container Security Best Practices](https://github.com/krol3/container-security-checklist#container-security-checklist)
- [Detecting Vulnerabilities](vulnerabilities.md)
  - [Scanning Container images](./vulnerabilities.md#container-images)
  - [Filter Log4j-CVE using OPA](./vulnerabilities.md#filter-log4j-cve-using-opa)
  - [Scanning Filesystems](./vulnerabilities.md#scanning-filesystems)
  - [SBOM artifact](./vulnerabilities.md#sbom-artifact)
  - [Scanning Git Repositories](./vulnerabilities.md#scanning-git-repositories)
  - [Binaries created by Golang](./vulnerabilities.md#binaries-created-by-golang)
  - [CI Integration with GitHub Actions](./vulnerabilities.md#ci-integration)
- [Detecting Misconfigurations](misconfigurations.md)
  - [Misconfigurations in Container Images](./misconfigurations.md#misconfigurations-in-container-images)
  - [Misconfigurations in Kubernetes](./misconfigurations.md#misconfigurations-in-kubernetes)
  - Misconfigurations in Infra as Code
    - [Terraform](./misconfigurations.md#terraform)
    - [CloudFormation](./misconfigurations.md#cloudformation)
  - [CI Integration with GitHub Actions](./misconfigurations.md#ci-integration)
- [Security Audit in Kubernetes](audit-k8s.md)
  - Workloads Scanning
  - Kubernetes CIS Benchmark
  - Kubernetes Pentesting: kube-hunter
  - Audit Reports
    - Polaris
    - Conftest
  - Integration
    - Lens
    - Octant
- [Policy as Code with OPA](opa.md)
  - Vulnerabilities
    - container image
    - Kubernetes
- [Runtime Detection in Containers](runtime.md)
  - Container
  - Kubernetes installation
  - Alerting
- [Collaborate](#collaborate)
## Prerequisites
Before you begin, you need the following software:
- A Linux, stand-alone virtual machine (VM)
- A Kubernetes cluster: minikube, kind, or any Kubernetes flavor.
- **Minikube Installation** [here](https://minikube.sigs.k8s.io/docs/start/)
- **Kind Installation** [here](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
- Kubernetes command-line tool: **kubectl** Installation on Linux [here](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/)
Note: Infrastructure scanning uses a kind cluster with two nodes. See [kind.yaml](kind.yaml).
`kind create cluster --name k8s-local --config kind.yaml --image kindest/node:v1.20.7`
## Congratulations
Thank you for attending the workshop. I would love your feedback, or contributions of other cases and samples covering other scenarios.
## Collaborate
If you find any typos, errors, or outdated resources, or if you have a different point of view, please open a pull request or contact me.
Pull requests and stars are always welcome 🙌