Overview
Learn about real-time vulnerability management in Kubernetes environments through this 18-minute conference talk from OpenSSF. Discover how to combine admission controllers like Kyverno with runtime security tools to effectively manage and mitigate security vulnerabilities. Explore practical demonstrations using real-world vulnerability examples including Log4j, PwnKit, xz, and Leaky Vessels. Master techniques for identifying vulnerable workloads using Kyverno, integrating image vulnerability scanner results, and implementing virtual patches through KubeArmor policies. Understand how to maintain application uptime while enforcing security measures, and learn strategies for protecting applications against future vulnerabilities without waiting for upstream fixes or disrupting deployment processes.
Syllabus
Patch It Up: Real-Time Vulnerability Management with Kyverno... - Barun Acharya & Ramakant Sharma
Taught by
OpenSSF