Open ijewelmas opened 2 years ago
+1. I saw on "kubernetes-goat/guide/docs/security-reports/" that some reports have been updated, but without a baseline of vulnerabilities, we can't know if the tools are efficient or not.
Makes a lot of sense. Let me document it in a draft, share it with you all, and see if I missed anything; we can improve it over time. I will work on this this week. @fadao23 @ijewelmas, I appreciate any suggestions or input about the format.
Hi @madhuakula, maybe I can try to help. So we need to put the risk level on each scenario here?
Or is it not like that? Each scenario might contain varied vulnerabilities and misconfigurations. CMIIW.
Appreciate it if you have some ideas on how we can do this, @za. Let's discuss this here before moving forward with implementation.
Basically, we need to capture the list of vulnerabilities, misconfigurations, etc., in each scenario and flag them in a testable way using tools like Checkov, KICS, Kubescape, etc. against our Kubernetes Goat project. This way, we can ensure that we can map them to the Kubernetes Goat framework list of vulnerabilities and what these tools are able to find/identify.
Finally, we can create a matrix, something like https://github.com/tsale/EDR-Telemetry?tab=readme-ov-file#telemetry-comparison-table
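One way to turn such a baseline into the comparison matrix described above, as an added example that is not code from the kubernetes-goat project: the scenario names, finding IDs and tool names are constructed placeholders, and it assumes each scanner's raw output has already been mapped onto the baseline's finding IDs (that mapping step is tool specific).

```python
# Constructed baseline: scenario -> set of intended misconfiguration IDs.
# All names below are hypothetical placeholders, not real Goat scenarios.
BASELINE = {
    "scenario-01": {"privileged-container", "host-pid"},
    "scenario-02": {"secret-in-env", "run-as-root"},
    "scenario-03": {"host-network"},
}

# Constructed sample of what each scanner reported, already normalised to
# the baseline's IDs. "unrelated-noise" stands for a finding outside the
# baseline; it must not inflate a tool's score.
TOOL_FINDINGS = {
    "tool-a": {"scenario-01": {"privileged-container", "host-pid"},
               "scenario-02": {"run-as-root"}},
    "tool-b": {"scenario-01": {"privileged-container"},
               "scenario-02": {"run-as-root", "secret-in-env", "unrelated-noise"},
               "scenario-03": {"host-network"}},
}


def coverage_matrix(baseline, tool_findings):
    """Return {tool: {scenario: (found, expected)}} counting only baseline hits."""
    matrix = {}
    for tool, per_scenario in tool_findings.items():
        row = {}
        for scenario, expected in baseline.items():
            found = per_scenario.get(scenario, set()) & expected
            row[scenario] = (len(found), len(expected))
        matrix[tool] = row
    return matrix


def coverage_rate(matrix, tool):
    """Fraction of all baseline items a tool detected across scenarios."""
    hits = sum(h for h, _ in matrix[tool].values())
    total = sum(e for _, e in matrix[tool].values())
    return hits / total if total else 0.0


def missed_findings(baseline, tool_findings, tool):
    """Baseline items a tool never reported, per scenario (only non-empty gaps)."""
    reported = tool_findings[tool]
    gaps = {s: sorted(exp - reported.get(s, set())) for s, exp in baseline.items()}
    return {s: missing for s, missing in gaps.items() if missing}


def render_markdown(matrix):
    """Render the matrix as a Markdown table with a found/expected total column."""
    scenarios = list(next(iter(matrix.values())))
    lines = ["| tool | " + " | ".join(scenarios) + " | total |",
             "|---|" + "---|" * (len(scenarios) + 1)]
    for tool, row in matrix.items():
        cells = [f"{h}/{e}" for h, e in row.values()]
        hits, total = sum(h for h, _ in row.values()), sum(e for _, e in row.values())
        lines.append(f"| {tool} | " + " | ".join(cells) + f" | {hits}/{total} |")
    return "\n".join(lines)
```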
Hello,
I was interested in understanding the total number of intended misconfigurations and vulnerabilities in the Kubernetes-goat environment. It will be great to have this information in order to understand which tool is able to capture the most misconfigurations/vulnerabilities.
Thanks in advance!