Scanning Kubernetes config

It is pretty easy to configure application clusters in Kubernetes; the hard part is not missing something. How do you avoid ending up with a configuration that is “vulnerable by design”?

I’ve looked into a couple of tools recently:

Rewrite (OpenRewrite) libraries are meant for more than just Kubernetes (think Java, Spring). It is a tool for refactoring your code automatically and making sure you follow best practices. As far as I saw, you must run it through one of the build tools, e.g. Gradle. I managed to put together a simple example to prove its worth: ivarprudnikov/openrewrite-kubernetes-example

Checkov, on the other hand, is a standalone tool focused on infrastructure as code. There are many ways to install and run it, and it does not depend on your build pipeline. I made two examples to see how it works:
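To make the "vulnerable by design" point concrete, here is an added example (not code from the post, from OpenRewrite or from Checkov): a constructed Deployment manifest that a scanner flags on several counts, the hardened version of the same workload, and a small checker implementing the kind of pod-security rules such tools apply. The manifest names, image references and finding texts are made up for this example; the rules themselves (no privileged containers, no host namespaces, run as non-root, read-only root filesystem, drop all capabilities, pinned images, resource limits) are the common baseline, not a reproduction of any tool's policy set.

```python
"""Minimal policy checks for Kubernetes workload manifests (added example).

Manifests are plain dicts (Kubernetes objects are valid JSON), so this runs
offline without a YAML parser. Names and images below are constructed.
"""
from typing import Any, Dict, List

# Constructed sample: deploys fine, but is vulnerable by design.
WEAK_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "web",
            "image": "registry.example/web:latest",
            "securityContext": {"privileged": True},
        }],
    }}},
}

# The same workload with the usual hardening applied.
HARDENED_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "web",
            "image": "registry.example/web:1.4.2",
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    }}},
}


def pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the PodSpec for a bare Pod or for a controller that embeds a pod template."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def image_is_pinned(image: str) -> bool:
    """True if the image reference carries a digest or an explicit tag other than :latest."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry/repo path, which may contain a port
    return ":" in last and not last.endswith(":latest")


def check_manifest(manifest: Dict[str, Any]) -> List[str]:
    """Return one finding per violated rule; an empty list means the manifest passes."""
    findings: List[str] = []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})

    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{name}: {flag} is enabled, pod shares a host namespace")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: container runs privileged")
        # Unset means allowed: the API default for allowPrivilegeEscalation is true.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation is not set to false")
        # The container-level value overrides the pod-level one.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}/{cname}: runAsNonRoot is not enforced")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}/{cname}: root filesystem is writable")
        dropped = {cap.upper() for cap in sc.get("capabilities", {}).get("drop", [])}
        if "ALL" not in dropped:
            findings.append(f"{name}/{cname}: capabilities are not dropped (drop: [ALL])")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{name}/{cname}: image is not pinned to a tag or digest")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}/{cname}: no resource limits set")
    return findings


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        result = check_manifest(manifest)
        print(f"{label}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

The weak manifest produces eight findings, the hardened one none. Running a checker like this (or a real one such as Checkov) in CI over the rendered manifests is what turns "I hope nobody forgot runAsNonRoot" into a failing build.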

Both tools are great and fit different use cases.
