tag-env-sustainability
grype


tag-env-sustainability | grype | |
---|---|---|
7 | 61 | |
251 | 9,332 | |
0.4% | 2.5% | |
9.0 | 9.7 | |
about 1 month ago | 5 days ago | |
HTML | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tag-env-sustainability
-
How AI Energy Issues Can Affect Your Life
Some cloud services and larger technology organizations are working to decrease the demand load on utilities by powering systems entirely by renewable energy. Also, a data center may arrange to provide most of its server-generated heat to community projects or other buildings that would have needed electricity for heating. This allows zero carbon heat emission.
-
Building a Sustainable Web: a practical exploration of Open Source tools and strategies
The very first community I became part of was the Environmental Sustainability Technical Advisory Group which is part of the CNCF. The TAG Env Sustainability's goal is similar to the GSF's: their mission is to "advocate for, develop, support and help evaluate environmental sustainability initiatives in cloud native technologies."
-
Ask HN: Good online communities to learn about Green / Sustainable Computing?
To learn more about and interact with like minded folks on the topic of Green and/or Sustainable computing, where does one go to online?
Some examples I found:
- Green Software Foundations' various project github repo discussion groups - https://wiki.greensoftware.foundation/governance/projects
- Cloud Native Computing Foundation Environmental Sustainability Workgroup's github discussion group - https://github.com/cncf/tag-env-sustainability
- Sustainable Living at Stackexchange - https://sustainability.stackexchange.com (the green computing related posts are more limited in numbers it seems)
More suggestions and opinions is most appreciated!
-
Introduction to the Kubernetes ecosystem
It is also interesting to meet the community : the TAGs (Tech Advisor Group) which provide strategic guidance and advice on technical issues, as well as the SIGs (Special Interest Group) which focuses on areas of interest or specific expertise within the Kubernetes community to drive development and innovation. The TAGs are specialized by areas, for example on security or environmental sustainability.
- Reducing your environmental impact with the Linkerd service mesh
- GitHub - cncf/tag-env-sustainability: 🌳🌍♻️ TAG Environmental Sustainability
- cncf/wg-env-sustainability: 🌳🌍♻️ Environmental Sustainability Working Group
grype
- Deep Dive 🤿: Where Does Grype Data Come From?
- Grype: Fast and Accurate Vulnerability Scanner for Containers and Filesystems
-
Running WordPress on Containers
Grype is a popular open source CVE scanner that scans for known vulnerabilities in container images and filesystems. At the time of this writing, the latest release is 0.80.1 and you can find packages for most operating systems in their releases page.
-
Ask HN: Pragmatic way to avoid supply chain attacks as a developer
CycloneDX tools offer packages for each and every programming language. [1]
The dependency track project accumulates all dependency vulnerabilities in a dashboard. [2]
Container SBOMs can be generated with syft and grype [3] [4]
[1] https://github.com/CycloneDX
[2] https://github.com/DependencyTrack
[3] https://github.com/anchore/syft
[4] https://github.com/anchore/grype
- A vulnerability scanner for container images and filesystems
-
Introduction to the Kubernetes ecosystem
Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)
- Suas imagens de container não estão seguras!
-
I looked through attacks in my access logs. Here's what I found
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
-
Distroless images using melange and apko
Using Grype:
-
Scanning and remediating vulnerabilities with Grype
In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
What are some alternatives?
kaito - Kubernetes AI Toolchain Operator
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
kube-green - A K8s operator to reduce CO2 footprint of your clusters
clair - Vulnerability Static Analysis for Containers
open-sustainable-technology - A directory and analysis of the open source ecosystem in the areas of climate change, sustainable energy, biodiversity and natural resources. https://docs.getgrist.com/gSscJkc5Rb1R/OpenSustaintech
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
llama - Inference code for Llama models [Moved to: https://github.com/meta-llama/llama]
anchore-engine - A service that analyzes docker images and scans for vulnerabilities
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
opencve - CVE Alerting Platform
sig-security - 🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
falco - Cloud Native Runtime Security

