tfsec
buildah
tfsec | buildah | |
---|---|---|
7 | 25 | |
2,991 | 7,019 | |
- | 1.0% | |
9.4 | 9.6 | |
almost 3 years ago | about 17 hours ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tfsec
-
Terraform in AWS
Using pre-commit framework with terraform repository, will help your code to be kept clean, formated, updated document and checked for tf security issues (optional with tfsec) before committing and pushing the code to git source.
-
Terraforming in 2021 – new features, testing and compliance
Here again more than one tool exists to assist. We will highlight two of the most popular ones here: tfsec and checkov. Both provide a predefined set of checks that they use to inspect your code, allowing to explicitly open exceptions (if you really want to) by annotating your code with comments, and adjust the configuration to ignore some modules, for example.
-
How FirstPort manage GitHub, using code stored in GitHub
An additional benefit of using a CI workflow is adding automated tests. In this scenario, I’ve added a step leveraging tfsec to scan for static code vulnerabilities. In the example below, tfsec warns against creating an Azure network security rule which is fully open. This will halt and fail the workflow unless I provide an ignore comment to accept the warning.
-
Terraform v15.0 with AWS (EKS deployment)
· Provision an EKS Cluster (AWS) · Terraform v15.0 · Terraform Registry · Pre-Commit · Terraform Pre-commit · Terraform-docs · Tflint · Tfsec
-
A way to restrict options for devs in AWS
Using terraform, create a skeleton directory that they can review for how EC2 instances should be created. Use tools like https://github.com/tfsec/tfsec or other scanners/linters to validate that your developers followed this process and didn't uncheck something.
-
Terraform VMware vSphere Provider - is it worth it?
I know tfsec (https://github.com/tfsec/tfsec) which is pretty good for AWS resources but I think vSphere resources are not implemented.
-
Gopher Gold #15 - Wed Oct 14 2020
tfsec/tfsec (Go): 🔒🌍 Static analysis powered security scanner for your terraform code
buildah
-
A gopher’s journey to the center of container images
For the task of building the graph image, my first idea was to rely on buildah. In fact, our design was already heavily relying on containers/image for all things regarding copying images from one registry to the other, or from one registry to an archive. The obvious choice was to use the same suite of modules in order to keep dependencies to a minimum.
-
Podman Desktop for Java Development
I appreciate that podman can run daemonless, but I've gotten tired of waiting for them to implement heredoc support and have continued to use docker.
-
How to use Podman inside of a container
You do realize that, under the hood, buildah uses a container engine (runc by default)? See https://github.com/containers/buildah/blob/main/docs/buildah...
-
Container and image vocabulary
buildah
-
How to use Buildah to create a build-service written in golang
I found this small tutorial: https://github.com/containers/buildah/blob/main/docs/tutorials/04-include-in-your-build-tool.md and it works.
-
From code to customers in just 13 seconds.
# https://github.com/containers/buildah/issues/3666 volume /var/lib/containers
-
Podman v4.4, Buildah v1.29 released!
Last week, Buildah version 1.29 was also released. The prune command has been added to clean intermediate images as well as the build and mount cache. Support for the –group-add option to the from and build commands was added. One useful feature of this, it to use the –group-add keep-groups option, which allows rootless users to take advantage of their group access to file and devices mounted into the build containers. And the –cache-from and –cache-to options for the build command now allow for multiple sources. This can be used to improve the speed of builds, especially in CI/CD environments.
- Crafting container images without Dockerfiles
-
Rails on Docker · Fly
Unfortunately this syntax is not generally supported yet - it's only supported with the buildkit backend and only landed in the 1.3 "labs" release. It was moved to stable in early 2022 (see https://github.com/moby/buildkit/issues/2574), so that seems to be better, but I think may still require a syntax directive to enable.
Many other dockerfile build tools still don't support it, e.g. buildah (see https://github.com/containers/buildah/issues/3474)
Useful now if you have control over the environment your images are being built in, but I'm excited to the future where it's commonplace!
-
Container Deep Dive 2: Container Engines
For more information regarding the bundled tools see: CRI tools.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
kaniko - Build Container Images In Kubernetes
tflint - A Pluggable Terraform Linter
buildkit - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
rules_docker - Rules for building and handling Docker images with Bazel
atlantis - Terraform Pull Request Automation
SSVM - WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.
pre-commit-hooks - Some out-of-the-box hooks for pre-commit
podman - Podman: A tool for managing OCI containers and pods.
terraform-aws-gitlab-runner - Terraform module for AWS GitLab runners on ec2 (spot) instances
go-admin - 基于Gin + Vue + Element UI & Arco Design & Ant Design 的前后端分离权限管理系统脚手架(包含了:多租户的支持,基础用户管理功能,jwt鉴权,代码生成器,RBAC资源控制,表单构建,定时任务等)3分钟构建自己的中后台项目;项目文档》:https://www.go-admin.pro V2 Demo: https://vue2.go-admin.dev V3 Demo: https://vue3.go-admin.dev Antd 订阅版:https://antd.go-admin.pro