Text4Shell Demo tutorial

[SharpRake]

What topic are you requesting a resource about?

• ~Chainguard product~
• ~Open source related~
• Conceptual security related
• ~Other (please describe)~

Proposed title: "Using Chainguard Enforce to Detect the Log4Shell Vulnerability"

Description: A companion piece to the Log4Shell demo tutorial that walks readers through how they can use Chainguard Enforce for Kubernetes to detect the Text4Shell vulnerability

[amdawson]

i had a video in today's announcement that probably covers this

[dlorenc]

Can we close this one now?

[ltagliaferri]

@SharpRake is adding a section to the Log4Shell tutorial but it has not been merged yet

@amdawson — do you think we should cross-post these videos into Academy?

[amdawson]

That's up to you

[amdawson]

Whatever you think is best.

[dlorenc]

Any updates on this one?

[SharpRake]

I have a draft that's nearing completion. Landing on the overall structure has been a little tricky, and I've been delayed by some debugging on my end.

[SharpRake]

This was held up due to me being away for the holidays. Getting back into it this week, I began running into some consistent issues with the demo image. @johnfosborneiii is helping to get the problem squared away and once he does I should be able to complete my testing for this update.

[ltagliaferri]

the text4shell demo is not currently working as expected, but it should be squared away sometime next week

[dlorenc]

It sounds like there's still an issue with the image - @johnfosborneiii or @mattmoor - are you looking into it?

[ltagliaferri]

The image has been updated and @SharpRake is going back to test the writeup

[johnfosborneiii]

I have resolved this (requires cosign 2.x). The instructions on the README are updated. I believe this can be closed.

[dlorenc]

Can this be closed?

[ltagliaferri]

We will close when the tutorial is published, it needs to go through review

[amdawson]

should be soon now, i paired with Mark on it a bit today, i think he's good.