Open ssmiller25 opened 4 years ago
Attempt to use built in policies for security (PodSecurityPolicies, maybe NetworkPolicies - although need to change out CNI). Maybe run Polaris and kube-bench against deployed cluster. May add other to applications later
Pipeline K8S Config https://github.com/datreeio/datree
In Cluster and Pipeline K8S Config https://github.com/FairwindsOps/polaris - K8S best practices
Image Analysis https://github.com/anchore/anchore-engine - static and in-cluster image analysis. Used by sysdig security. Article at https://sysdig.com/blog/docker-image-scanning/
From Sysdig "Securing Kubernetes Checklist":
Attempt to use built in policies for security (PodSecurityPolicies, maybe NetworkPolicies - although need to change out CNI). Maybe run Polaris and kube-bench against deployed cluster. May add other to applications later
Pipeline K8S Config https://github.com/datreeio/datree
In Cluster and Pipeline K8S Config https://github.com/FairwindsOps/polaris - K8S best practices
Image Analysis https://github.com/anchore/anchore-engine - static and in-cluster image analysis. Used by sysdig security. Article at https://sysdig.com/blog/docker-image-scanning/
From Sysdig "Securing Kubernetes Checklist":