intelops / kubviz

Visualize Kubernetes & DevSecOps Workflows. Tracks changes/events real-time across your entire K8s clusters, git repos, container registries, SBOM, Vulnerability footprint, etc., analyzing their effects and providing you with the context you need to troubleshoot efficiently. Get the Observability you need, easily.
Apache License 2.0
40 stars 16 forks

mTLS-readme added with configuration steps #372

Closed anila-intelops closed 4 months ago

anila-intelops commented 4 months ago

mTLS-readme added with configuration steps in docs folder

dryrunsecurity[bot] commented 4 months ago

Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Configured Codepaths Analyzer | :white_check_mark: | 0 findings |
| Sensitive Files Analyzer | :white_check_mark: | 0 findings |
| Authn/Authz Analyzer | :white_check_mark: | 0 findings |
| AppSec Analyzer | :white_check_mark: | 0 findings |
| Secrets Analyzer | :white_check_mark: | 0 findings |

> [!NOTE]
> :green_circle: Risk threshold not exceeded.

**Change Summary**

The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

**Summary:**

The code changes in this pull request introduce a new feature called "mTLS - mutual TLS Feature" to the KubViz project. Mutual TLS (mTLS) is an extension of standard TLS that requires both the client and server to authenticate and verify each other's identities during the SSL/TLS handshake process. This provides enhanced security by ensuring that both parties are who they claim to be.

In the KubViz setup, mTLS is used for secure communication between the agent and the NATS server. Both the agent and the client connect to the NATS server using mTLS. The benefits of using mTLS include enhanced security by mitigating the risk of man-in-the-middle attacks, ensuring data integrity by verifying identities, and compliance with regulations that mandate secure communication. The patch provides instructions on how to configure mTLS in the application for agent-to-NATS communication.

From an application security perspective, the introduction of mTLS is a positive change as it enhances the overall security of the KubViz system. Mutual authentication between the client and server helps prevent unauthorized access and ensures that sensitive data is exchanged only between trusted entities.

**Files Changed:**

1. `README.md`: This file introduces the new "mTLS - mutual TLS Feature" and provides an overview of the benefits and implementation details.
2. `docs/CONFIGURATION_MTLS.md`: This file provides detailed instructions and guidelines for setting up the necessary certificates and Kubernetes secrets to enable mTLS communication between the Kubviz client, server, and agent components. The code includes a `ca-config.cnf` file for Certificate Authority (CA) configuration, step-by-step instructions for generating the necessary certificates using OpenSSL, and examples of how to configure the mTLS settings in the `client/values.yaml` and `agent/values.yaml` files.

Powered by DryRun Security