Explore the concept of using policy as code to manage security risks in Kubernetes in this 25-minute conference talk from the Cloud Native Computing Foundation (CNCF). Delve into traditional security challenges and discover how Infrastructure as Code (IaC) and Policy as Code (PaC) can enhance cloud security. Learn about Terrascan, its goals, and how to integrate it into your workflow. Examine real-world examples of vulnerabilities, including CVE-2020-8554 and CVE-2020-8555, and understand their implications. Gain insights into various security risk categories and how Terrascan addresses them, empowering you to better protect your Kubernetes environments.
Using Policy as Code to Manage Security Risk in Kubernetes
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Traditional Security Challenges
Unlocking Cloud Security with lac & Pac
Terrascan - Goals
Integrate Terrascan into your workflow
CVE-2020-8554: LoadBalancer PATCH request example
CVE-2020-8555- Half Blind SSRF
CVE-2020-8555 - Vulnerable YAML example
Terrascan - Security Risk Categories
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Learn how Microsoft safeguards customer data
-
Policy-as-Code Across the Stack
-
Cloud Native Governance, Risk, and Compliance - Policy-as-Code Applications
-
Interactive Playground to Learn Kubernetes and Cloud Native Security
-
Policy as Versioned Code
-
Minimizing Blast Radius of Chained Kubernetes Misconfigurations and Image Vulnerabilities
