ai-cfia / howard

The Howard project, named after "The Godfather of Clouds" Luke Howard, orchestrates the Kubernetes-based cloud infrastructure for the Canadian Food Inspection Agency's AI lab, managing applications like Nachet, Finesse, and Louis. It prioritizes robustness, security and efficiency.
https://ai-cfia.github.io/howard/
MIT License

Deploy and configure Kubescape #150

Closed ThomasCardin closed 6 months ago

ThomasCardin commented 6 months ago

See comments

rngadam commented 6 months ago

"Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources."

https://github.com/kubescape/kubescape

I see we're creating issues for every security tool available. Should this not start with a top-level security epic with a list of desired features independent of implementation?

ThomasCardin commented 6 months ago

See https://github.com/ai-cfia/howard/issues/59

ThomasCardin commented 6 months ago

After discussing with @SonOfLope, we realized that Trivy can also scan the cluster using the command (trivy k8s ...). We have therefore decided to go with Trivy only in order to limit the number of tools we use. Additionally, Aqua Security, the company behind Trivy, is very popular and well-known. Moving this issue to https://github.com/ai-cfia/howard/issues/145