emissary VS trivy

We will install Ambassador Gateway which is an open-source Kubernetes-native API gateway for microservices. We will use it as a reverse proxy to manage external access to services within our Kubernetes cluster.

Command and Query services APIs can be managed via lightweight, independently deployable, and scalable API gateways that can run anywhere that allow developers to manage API endpoints. They can handle extremely large volumes, as they run on highly scalable platforms, for example, Apache APISIX, Kong, Tyk, and Ambassador to name a few.

Ambassador

Did you know that it takes 23 minutes to get into a flow state? For some people it takes even longer. That means that for every question, disruption, email, and interruption that you or your coworkers are subjected to, it could be half an hour of productivity down the drain. We talked to Katie Wilde, VP of Engineering at Ambassador Labs, about how she manages workflow

Let's dive deep and start understanding more bit about Emissary Ingress.

Emissary is pretty much the gold standard for people with complicated setups: https://github.com/emissary-ingress/emissary

Katie Wilde, VP of Engineering at Ambassador Labs, knows your pain and she’s on a crusade to help devs everywhere reclaim their focus.

Ambassador API Gateway is an Envoy-based ingress controller.

I am starting to doubt their marketing materials about broad adoption, because we cannot get it to work even with basic setup. Apart from terrible DX (e.g. you can provide whatever arbitrary configs, there is no validation), we keep hitting bug after bug after bug. They are not small bugs either, e.g. broken redirects. Any time I try asking questions in their Slack, their sales rep will message asking to "connect via zoom meeting to cover the pricing".

Peter: Yeah. So that was my first time having a DevRel title. I was a developer Advocate for Ambassador Labs, another startup. And so I think they were Series B at the time. They were centered around the developer experience. So I had a lot of fun diving into the DevRel industry with them. And so my manager that I was working for has a long history of DevRel. And so I got to learn a lot of tips and tricks from him.

4. Trivy: https://github.com/aquasecurity/trivy Trivy is a versatile tool that scans for vulnerabilities in your containers, and also checks for vulnerabilities in your application dependencies.

Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec

Trivy. A Simple and Comprehensive Vulnerability Scanner for Containers.

Using Trivy:

Trivy is a mature and comprehensive open source tool from Aqua Security that supports scanning multiple sources, from file systems to containers and VMs. Trivy also looks beyond vulnerabilities, to scan licenses, secrets, infrastructure as code misconfiguration, and more.

I would suggest to think about the thread model that you are facing so you can have a better mental model of the weak points of your environment. The very very big majority of these attacks will be automated probing for publicly known vulnerabilities or default credentials. That means the maintainers of the software you are running and the channels on which their updates are shipped to you and deployed are very important factors. For software that is not installed from a trusted and well maintained source (e.g. Ubuntus main repository), you want to make extra sure that vulnerabilities are updated. E.g. your deployed docker containers might contain security issues, you can run checks on these with tools like trivy. The same is also true for appliances, in case your router or firewall contains a software vulnerability, how will you be notified and how will the required updates be deployed?