Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use a tool to scan the k8s manifest and dockerfile #106

Closed
abhisheksr01 opened this issue Oct 12, 2021 · 4 comments
Closed

Use a tool to scan the k8s manifest and dockerfile #106

abhisheksr01 opened this issue Oct 12, 2021 · 4 comments
Assignees
@abhisheksr01
Labels
enhancement New feature or request security-devsecops Security features to improve the security posture and implement DevSecpOps

Comments

@abhisheksr01
Copy link
Owner

Identity a security tooling to scan the k8s manifest (standard and helm charts) locally and Dockerfile for security recommendations.
@abhisheksr01 abhisheksr01 self-assigned this Oct 12, 2021
@abhisheksr01 abhisheksr01 added the enhancement New feature or request label Oct 12, 2021
@abhisheksr01
Copy link
Owner Author

https://www.checkov.io/ seems to be a good candidate it's licensed under apache so free to use.

abhisheksr01 added a commit that referenced this issue Oct 12, 2021
@abhisheksr01
feat(#106): add circleci job to scan IAM using checkov
31e9dce
abhisheksr01 added a commit that referenced this issue Oct 12, 2021
@abhisheksr01
feat(#106): remove sudo from the command
b3ae213
abhisheksr01 added a commit that referenced this issue Oct 12, 2021
@abhisheksr01
feat(config.ym, #106): fix checkov installation command
e0c0eac
@abhisheksr01
Copy link
Owner Author

Checkov has been added to the pipeline.
ToDo: Update the document to add info about the usage of tooling.

abhisheksr01 added a commit that referenced this issue Apr 5, 2022
@abhisheksr01
chore(#106): move checkov iac scan job to circleci scheduled workflow
b6db47b
abhisheksr01 added a commit that referenced this issue Jun 20, 2022
@abhisheksr01
feat(#106): update README with devsecops intro
0fd6c77
abhisheksr01 added a commit that referenced this issue Jun 20, 2022
@abhisheksr01
feat(#106): update README with snyk info
4671589
abhisheksr01 added a commit that referenced this issue Dec 25, 2024
@abhisheksr01
ci(pipeline.yml): #106 fix sast jobs in github actions
f6a3ffc
abhisheksr01 added a commit that referenced this issue Dec 25, 2024
@abhisheksr01
chore(deps): #106 bump dependencies and use trivy.yaml to fix securit…
151aa7c 
…y vulnerability
abhisheksr01 added a commit that referenced this issue Dec 25, 2024
@abhisheksr01
fix(Dockerfile): #106 use non root user for building container image
28aa2a7
@abhisheksr01
Copy link
Owner Author

Using Trivy in GHA for scanning dockerfile

@abhisheksr01 abhisheksr01 added the security-devsecops Security features to improve the security posture and implement DevSecpOps label Dec 26, 2024
abhisheksr01 added a commit that referenced this issue Dec 26, 2024
@abhisheksr01
ci(pipeline.yml): #106 enable trivy iac scan for dockerfile,helm and …
f0630b2 
…kubernetes
abhisheksr01 added a commit that referenced this issue Dec 26, 2024
@abhisheksr01
ci(trivy): #106 temporary only fail CI for CRITICAL vulnerabilities
a2fee12
abhisheksr01 added a commit that referenced this issue Dec 26, 2024
@abhisheksr01
ci(trivy): #106 temporary only fail CI for CRITICAL vulnerabilities
bc056ab
@abhisheksr01
Copy link
Owner Author

Dockerfile, helm & k8s SAST scan capabilities are added but is configured to fail only for CRITICAL Vulnerabilities.

A separate Security vulnerability](#351) issue has been created for fixing the vulnerabiities

Hence closing this Issue as completed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abhisheksr01 abhisheksr01

Labels
enhancement New feature or request security-devsecops Security features to improve the security posture and implement DevSecpOps
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@abhisheksr01