Our great sponsors
-
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
datree
Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
-
Kubewarden
Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL) sugh as Rego. Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
We’ve been using https://www.checkov.io/ for terraform and will be using this for yaml and helm. Lots of policies out of the box.
I'm one of the developers of kubewarden, a CNCF sandbox project that operates in the same space as OPA/Gatekeeper and Kyverno.
You can test and have this up-and-running in less than 30 minutes... 1. deploy NeuVector into your cluster and login (~10 minutes via helm?) 2. login & change admin password - (2 minutes?) 3. Policy > Admission Control 4. click Add - select "Image Registry", "is one of", add your registries, click add - (2 minutes?) 5. click Add - select "Resource Limit Configuration (RLC) - set appropriate values, click add - (4 minutes?) 6. Click Status to "Enabled" & confirm Mode is set to "Monitor" so you can collect violation data without pissing someone off. (the Protect mode will block scheduling of image by kubernetes) - 2 minutes