-
As a CSP, I want to scan my Kubernetes infrastructure for security weaknesses so that I can find vulnerabilities.
This issue focusses on Trivy as a one-time execution tool in a Zuul pipeline.
T…
-
**Is your feature request related to a problem? Please describe.**
Ref. meeting with GRC team on 23.08; ASB policies related to Kubernetes have been extracted and we would like the Radix team to comm…
-
Reference
```
apiVersion: v1
kind: Namespace
metadata:
  name: openshift-storage
  annotations:
    workload.openshift.io/allowed: management
  labels:
    openshift.io/cluster-monitoring: "…
-
[tags]kubernetes,training,learning[/tags]
[short_descr]Vulnerable by design cluster environment to learn and practice Kubernetes security.[/short_descr]
[link] https://madhuakula.com/kubernetes-goat …
-
Related to #258, why services are using `hostIPC` option [1]:
```
$ git grep hostIPC
ChatQnA/kubernetes/manifests/chaqna-xeon-backend-server.yaml: hostIPC: true
ChatQnA/kubernetes/manifests/e…
-
Open tasks for the Kubernetes Security Slam 2023
- [ ] Ensure SBOMs are generated by Kubernetes BOM (task 3) @SD-13
- [ ] Ensure SLSA Attestations are generated when possible (task 4) @shafeeqes …
SD-13 updated
2 months ago
-
Is the capability NET_BIND_SERVICE needed?
To pass the pod security policy
```
kubectl label --dry-run=server --overwrite ns sops \
pod-security.kubernetes.io/enforce=restricted \
pod-s…
-
## WHAT
As part of #95 we have now set up `govulncheck` to run on each PR and periodically on master + stable release branches as part of `verify` jobs.
`govulncheck` has now added support for ope…
-
I would expect to see pod container `securityContext`s like this:
```
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  seccompProfile:
    type: RuntimeDefault…
-
### Discussed in https://github.com/aquasecurity/trivy/discussions/7017
Originally posted by **fernandogont** June 25, 2024
### Question
Hi,
I'm trying to run Trivy for kubernetes securi…