kubernetes 5 Must-Have Kubernetes Security Tools My entire months of June and July have been consumed by Kubernetes. All, largely owing to the Kubernetes Security Masterclass Training that are we are bringing to BlackHat USA 2020 👍🎉(you should register if you haven't already). And while we have been running Kubernetes Security trainings for a while now,
cloud Notes on Open Policy Agent and Docker Security I am starting to work with Open Policy Agent (OPA) for Kubernetes. OPA is largely known for its ability to behave as a powerful Admission Controller for Kubernetes. However, I find that Open Policy Agent is a great Admission Controller/Policy Enforcement tool for Docker, HTTP REST API and other
container CVE-2019-5736, runC and the Trickle down effect of Bad Advice "Docker Containers are supposed to run as root", he said, authoritatively on a call. I started to doubt myself. "How can anything running as root, be a good thing?" I asked myself. But the gent giving us the piece of advice (nay, justification) was a senior security pro with a
container security Stories of My Experiments with "Distroless" Containers If you're like me, you're probably using Containers to deploy and run applications. Containers are incredibly convenient to package and run your applications, consistently, with all the necessary dependencies. However, most containers I would typically build, were built off an operating system Docker base-image. Early in my container adoption days,
