This week's articles
Kubernetes API Access Security Hardening
#defend, #kubernetes
Kubernetes is driven by an HTTP API server that allows complete configuration and control of the Kubernetes runtime. Securing access to the API server is therefore one of the most critical security controls for running resilient Kubernetes in production.
Automating cloud governance at scale
#aws, #defend
Blog post from Skyscanner introducing recent improvements to CFRipper that have enabled them to detect issues more accurately, allow for increasing levels of customization, and facilitate dynamic stack exemptions for engineering squads.
Server-side Apply in Kubernetes
#announcement, #kubernetes
This new merging algorithm, running on the Kubernetes API server, replaces the client-side apply feature with a server-side implementation, helping users and controllers manage their resources.
Container CVE List
#attack, #docker, #kubernetes
A page listing CVEs affecting Kubernetes, runc, containerd, and Docker.
Terraform support in Semgrep
#announcement, #defend, #terraform
Semgrep 0.70+ now supports scanning Terraform source files (HCL) for misconfigurations and security flaws.