5GSEC / nimbus

Intent driven security automation framework
Apache License 2.0

Virtual Patch: Exploit Public Facing Applications #100

Open shivaccuknox opened 4 months ago

shivaccuknox commented 4 months ago

M1051 is "Update Software Regularly". Virtual Patch is an intermediate step before the actual update.

There is a set of annotations (CVEs) on the pods

Nimbus can look at the CVEs, and then attempt a live patch on these pods to mitigate the CVE

As part of the live patch, Nimbus can also create a NetPol in case of workloads exposed to the public Internet.

Design Doc for the intent: https://docs.google.com/document/d/1CoooyoEG8NKXOpfrsnV8PHCqYk7OUbZYbPtQRD7lr5k/edit#heading=h.18eqtrsy88hg
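The flow sketched in this issue (read CVE annotations from a pod, decide whether it is a public-facing workload, and emit a NetworkPolicy as the interim mitigation while the real update under M1051 is pending) can be shown end to end with a small standalone Go program. This is an added example written for this page, not code from the Nimbus project; the annotation keys `intent.nimbus.example/cves` and `intent.nimbus.example/public-facing`, the `Pod` struct, and the function names are assumptions for illustration, and the `NetworkPolicy` types only mirror the `networking.k8s.io/v1` fields the example needs.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Annotation keys assumed for this example (hypothetical, not Nimbus's real keys).
const (
	CVEAnnotation    = "intent.nimbus.example/cves"          // e.g. "CVE-2024-0001,CVE-2024-0002"
	PublicAnnotation = "intent.nimbus.example/public-facing" // "true" when reachable from the Internet
)

// Only well-formed CVE identifiers are accepted; anything else is ignored.
var cvePattern = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)

// Pod is the minimal slice of a Kubernetes Pod this example reads.
type Pod struct {
	Name, Namespace string
	Labels          map[string]string
	Annotations     map[string]string
}

// Types below mirror the networking.k8s.io/v1 NetworkPolicy fields we emit;
// the JSON tags yield an object kubectl can apply directly.
type Metadata struct {
	Name        string            `json:"name"`
	Namespace   string            `json:"namespace"`
	Annotations map[string]string `json:"annotations,omitempty"`
}
type LabelSelector struct {
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
}
type Peer struct {
	PodSelector *LabelSelector `json:"podSelector,omitempty"`
}
type IngressRule struct {
	From []Peer `json:"from"`
}
type Spec struct {
	PodSelector LabelSelector `json:"podSelector"`
	PolicyTypes []string      `json:"policyTypes"`
	Ingress     []IngressRule `json:"ingress"`
}
type NetworkPolicy struct {
	APIVersion string   `json:"apiVersion"`
	Kind       string   `json:"kind"`
	Metadata   Metadata `json:"metadata"`
	Spec       Spec     `json:"spec"`
}

// ParseCVEs reads the CVE annotation, normalises case and whitespace, drops
// malformed or duplicate entries, and returns a sorted list so that the
// generated policy is deterministic across reconciliations.
func ParseCVEs(annotations map[string]string) []string {
	seen := map[string]bool{}
	var cves []string
	for _, raw := range strings.Split(annotations[CVEAnnotation], ",") {
		id := strings.ToUpper(strings.TrimSpace(raw))
		if id == "" || !cvePattern.MatchString(id) || seen[id] {
			continue
		}
		seen[id] = true
		cves = append(cves, id)
	}
	sort.Strings(cves)
	return cves
}

// NeedsVirtualPatch: a pod qualifies when it carries at least one valid CVE
// and is marked as public facing; internal-only pods are left alone.
func NeedsVirtualPatch(p Pod) bool {
	return len(ParseCVEs(p.Annotations)) > 0 &&
		strings.EqualFold(p.Annotations[PublicAnnotation], "true")
}

// BuildVirtualPatchNetPol returns a NetworkPolicy that restricts ingress to the
// vulnerable pod to peers inside its own namespace (an empty podSelector peer),
// cutting off direct exposure while recording which CVEs the policy mitigates.
func BuildVirtualPatchNetPol(p Pod) (NetworkPolicy, error) {
	cves := ParseCVEs(p.Annotations)
	if len(cves) == 0 {
		return NetworkPolicy{}, fmt.Errorf("pod %s/%s: no valid CVE annotation", p.Namespace, p.Name)
	}
	if len(p.Labels) == 0 {
		return NetworkPolicy{}, fmt.Errorf("pod %s/%s: no labels to select on", p.Namespace, p.Name)
	}
	np := NetworkPolicy{APIVersion: "networking.k8s.io/v1", Kind: "NetworkPolicy"}
	np.Metadata = Metadata{
		Name:      "virtual-patch-" + p.Name,
		Namespace: p.Namespace,
		Annotations: map[string]string{
			"intent.nimbus.example/mitigates": strings.Join(cves, ","), // hypothetical key
			"intent.nimbus.example/mitre":     "M1051",                  // hypothetical key
		},
	}
	np.Spec.PodSelector = LabelSelector{MatchLabels: p.Labels}
	np.Spec.PolicyTypes = []string{"Ingress"}
	np.Spec.Ingress = []IngressRule{{From: []Peer{{PodSelector: &LabelSelector{}}}}}
	return np, nil
}

// ToJSON renders the policy as the manifest a controller would submit.
func ToJSON(np NetworkPolicy) (string, error) {
	b, err := json.MarshalIndent(np, "", "  ")
	return string(b), err
}

func main() {
	// Constructed sample pod: annotated with two CVEs (one duplicated, one malformed) and public facing.
	pod := Pod{Name: "web", Namespace: "prod", Labels: map[string]string{"app": "web"},
		Annotations: map[string]string{
			CVEAnnotation:    " cve-2024-0002, CVE-2024-0001,not-a-cve,CVE-2024-0001",
			PublicAnnotation: "true",
		}}
	if !NeedsVirtualPatch(pod) {
		return
	}
	np, err := BuildVirtualPatchNetPol(pod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	out, _ := ToJSON(np)
	fmt.Println(out)
}
```

The policy only selects on the pod's own labels and only allows same-namespace peers, so the real update can still be rolled out underneath it; once the CVE annotation disappears the controller would delete the `virtual-patch-*` object. How external traffic arriving through a LoadBalancer or Ingress is attributed depends on the CNI and `externalTrafficPolicy`, so the peer rule should be verified against the cluster's actual network plugin before relying on it.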

nandhued commented 3 months ago

Design/Architecture Discussion needed.

nandhued commented 2 months ago

Moving to backlog till demo on June 20.

nandhued commented 4 weeks ago

Document under review. @VedRatan Can you link the design doc please?

VedRatan commented 4 weeks ago

The design doc is in the description of the issue itself @nandhued

nandhued commented 2 weeks ago

WIP on generate policy approach.

nandhued commented 1 week ago

List the assumptions on the design doc with sample JSON and confirm w KA team.

nandhued commented 1 week ago

WIP

nandhued commented 1 week ago

Done w KA generator policies. Kyverno and netpol WIP.