kapitan-reference
checkov
| | kapitan-reference | checkov |
|---|---|---|
| | 2 | 48 |
| Stars | 40 | 5,627 |
| Growth | - | 1.9% |
| Activity | 4.0 | 10.0 |
| | about 1 month ago | 6 days ago |
| Language | Python | Python |
| License | - | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
kapitan-reference
-
Does anybody else find Helm charts pretty useless?
You can find some examples in our repository
checkov
-
Terraform Security Best Practices
We use https://www.checkov.io/ for this, it's very simple to get started with and works really well as PR quality gate
-
How long have you guys actually had the title “platform engineer”? What other titles did you have before that, if any?
Once there is a CI pipeline for delivering infra changes you can add static code analysis tools (checkov) and even start testing changes (terratest)
-
What are the best static analysis security testing tools for Terraform and infrastructure as code?
I just had a brief chat with one of the developers of Checkov and it sounds nice (and open source). I haven't had a chance to play with it, but if you want to it's at https://www.checkov.io/
-
Looking for a tool to enforce policies on terraform files names/content
You might be referring to checkov? https://github.com/bridgecrewio/checkov
-
Continuous Delivery for the rest of us
Specifically, a pipeline should be run every time a pull request is opened, and it should check the code for errors and security bugs; you can use tools such as Checkov or similar.
-
Brief survival guide for Terraform
-
Securing the software supply chain in the cloud
Checkov – Scan for open-source and Infrastructure-as-Code vulnerabilities
-
SBOM with Checkov
Well, yes, Checkov is a quality scanner, but for some time now it has been more than that! Let's look at the frameworks which can be scanned by Checkov:
-
Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
We’ve been using https://www.checkov.io/ for terraform and will be using this for yaml and helm. Lots of policies out of the box.
What are some alternatives?
tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]
tflint - A Pluggable Terraform Linter
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
OPA (Open Policy Agent) - An open source, general-purpose policy engine.
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
cfn_nag - Linting tool for CloudFormation templates
terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
tfsec - Security scanner for your Terraform code
atlantis - Terraform Pull Request Automation
conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language