buerokratt / POC-DMR.Cross-functional-requirements

Cross-functional requirements to take into account when developing or planning to develop Bürokratt's custom base components
MIT License

Security: Investigate the use of Checkov as a mechanism for avoiding issues in Infrastructure [Spike] #80

Open guypritchard opened 2 years ago

guypritchard commented 2 years ago

A tool called Checkov exists for validating K8s, Dockerfiles and Helm Charts for common security issues.

It can validate the Helm Charts we're generating and even the Terraform to generate warnings about security issues.

It would be great if this could run in the CI pipeline and validate security issues are taken care of.

Have a look at:

https://www.checkov.io/