wrongsecrets
jib
wrongsecrets | jib | |
---|---|---|
9 | 46 | |
422 | 13,399 | |
- | 0.4% | |
9.7 | 8.0 | |
over 1 year ago | 12 days ago | |
Java | Java | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wrongsecrets
- Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
- Learning secrets management in the modern world using OWASP WrongSecrets Project
-
OWASP WrongSecrets Demo - How NOT to store secrets with the project founder Jeroen Willemsen
TL:DR OWASP WrongSecrets is a great project that gamified app that teaches how not to store secrets. The project was created from real examples that Jeroen and others came across in their work as security engineers (Or mistakes they have made) The App uses a number of different technologies such as docker to show common ways secrets are leaked. The challenges get more difficult as you go and give hints and have comments why this is a bad practice. https://github.com/commjoen/wrongsecrets
-
Secure Deployment: 10 Pointers on Secrets Management
OWASP SAMM on secret management Secure deployment Exercises/examples on how(not) to use secrets Canarytokens Have I been pwned? Gitleaks, Trufflehog
- OWASP WrongSecrets: Examples with how to not use secrets
-
What are some free resources for learning hacking?
Maybe to add: Webgoat https://github.com/WebGoat/WebGoat Juice shop https://github.com/juice-shop/juice-shop Wrongsecrets https://github.com/commjoen/wrongsecrets
-
Want to try some secrets hunting?
Hi! Some friends and I are making a p0wnable app around secrets management! Do you want to give a very early version a shot? Check it out over here. And let us know what you think!
jib
- Nix is a better Docker image builder than Docker's image builder
-
Deploy Secure Spring Boot Microservices on Amazon EKS Using Terraform and Kubernetes
You need to build Docker images for each app. This is specific to the JHipster application used in this tutorial which uses Jib to build the images. Make sure you are logged into Docker using docker login. Navigate to each app folder (store, invoice, product) and run the following command:
-
Tool to build Docker images
JIB
-
Thin (ish) Clojure jars for better docker containers
It is pretty easy to do with https://github.com/GoogleContainerTools/jib.
-
Trying to spin up a Ktor app using docker containers. I keep getting "no main manifest attribute, in app.jar"
Save yourself the dockerfile and use jib: https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin
-
Fearless Distroless
I first learned about Distroless because it was the default option in Google's Jib. Jib is a Maven plugin to create Docker containers without dependency on Docker. Note that the default has changed now.
- Razvijanje mikroservisa na lokalnoj mrezi
-
Spring Boot pod takes 60 seconds to become ready; trouble handling spiky workloads
Optimize your Dockerfile by using a small base Java Image, use either Spring Boot's layers tools or Google Jib to build your docker file, and increase CPU/Memory requests and limits if you can.
-
CI/CD with Spring Boot and Jenkins Pipelines
In this section, we will setup the automated generation and deployment of a Docker container image. You will need a Docker Hub account and the Jib Gradle Plugin.
-
What is Docker All About and How to Deploy Spring Boot Application In Docker?
If you don't want to hack on your own scripts to package your app into a container, I can recommend the JIB maven plugin. A gradle version is also available.
What are some alternatives?
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
kaniko - Build Container Images In Kubernetes
trufflehog - Find and verify secrets
jkube - Build and Deploy java applications on Kubernetes
WebGoat - WebGoat is a deliberately insecure application
buildkit - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
kubernetes-client - Java client for Kubernetes & OpenShift
Bazel - a fast, scalable, multi-language and extensible build system
Keywhiz - A system for distributing and managing secrets
docker-maven-plugin - INACTIVE: A maven plugin for Docker
gitleaks - Protect and discover secrets using Gitleaks 🔑
shadow - Gradle plugin to create fat/uber JARs, apply file transforms, and relocate packages for applications and libraries. Gradle version of Maven's Shade plugin.