semaphore-demo-ruby-kubernetes
appshield
semaphore-demo-ruby-kubernetes | appshield
---|---
3 | 2
19 | 109
- | -
5.0 | 7.9
3 months ago | about 2 years ago
Ruby | Open Policy Agent
MIT License | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Continuous Container Vulnerability Testing With Trivy
Being proactive in this area means using IaC tools such as Terraform, so Trivy can enforce a set of rules that encode good security practices.
A simple security scanner for vulnerabilities and configuration issues in IaC such as Kubernetes, Dockerfile and Terraform
For the IaC scanning there's a couple of rule sources. The Docker and Kubernetes rules come from the AppShield project (https://github.com/aquasecurity/appshield/). The Terraform Scanning is powered by tfsec (https://github.com/aquasecurity/tfsec/).
What are some alternatives?
trivy-ci-test
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
semaphore-demo-ruby-kubernetes
trivy-plugin-kubectl - A Trivy plugin that scans the images of a kubernetes resource
tfsec - Security scanner for your Terraform code
cuber-gem - An automation tool that simplifies the deployment of your apps on Kubernetes.
kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!
kube-score - Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
kubernetes-extension-fortosi - 'Fortosi' Kubernetes extension is meant to address a fundamental requirement of any project team running their applications on Kubernetes - which is to quickly provision CI/CD pipelines (on demand) for their various private/public GitHub projects/organisation using simple kubectl commands. Basically, implementing the concept of No Ops. It is agnostic of cloud platform, be it AWS (EKS) or Azure (AKS), and agnostic of application technology framework.