KubeArmor Security Self Assessment #1430
Open
+221
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: daemon1024 <[email protected]>
✅ Deploy Preview for tag-security ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
nyrahul
suggested changes
Dec 26, 2024
|
|
||
| ### Table of contents | ||
|
|
||
| - [KubeArmor Securiy Self-assessment](#kubearmor-securiy-self-assessment) |
There was a problem hiding this comment.
Suggested change
| - [KubeArmor Securiy Self-assessment](#kubearmor-securiy-self-assessment) | |
| - [KubeArmor Security Self-assessment](#kubearmor-security-self-assessment) |
|
|
||
| ### Overview | ||
|
|
||
| KubeArmor is a runtime Kubernetes security engine. It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It provides premptive mitagation using policy-based controls. |
There was a problem hiding this comment.
Suggested change
| KubeArmor is a runtime Kubernetes security engine. It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It provides premptive mitagation using policy-based controls. | |
| KubeArmor is a runtime Kubernetes security engine. It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It provides premptive mitigation using policy-based controls. |
|
|
||
| #### Background | ||
|
|
||
| [KubeArmor](https://kubearmor.io/) is a runtime security engine for kubernetes and other cloud workloads. Users can harden their workloads, create Zero Trust security posture i.e., allowing specific systems actions and denying rest using KubeArmor security policies. KubeArmor supports [inline mitigation](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/differentiation.md) for preventing attacks. Due to its versatility, KubeArmor has found its relevance in Edge and 5G Control Plane security scenarios as well. |
There was a problem hiding this comment.
Suggested change
| [KubeArmor](https://kubearmor.io/) is a runtime security engine for kubernetes and other cloud workloads. Users can harden their workloads, create Zero Trust security posture i.e., allowing specific systems actions and denying rest using KubeArmor security policies. KubeArmor supports [inline mitigation](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/differentiation.md) for preventing attacks. Due to its versatility, KubeArmor has found its relevance in Edge and 5G Control Plane security scenarios as well. | |
| [KubeArmor](https://kubearmor.io/) is a runtime security engine for kubernetes and other cloud workloads. Users can harden their workloads, create Zero Trust security posture i.e., allowing specific systems actions and denying rest using KubeArmor security policies. KubeArmor supports [inline mitigation](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/differentiation.md) for preventing attacks. Due to its versatility, KubeArmor has found its relevance in [Edge](https://open-horizon.github.io/docs/demos/kubearmor/) and [5G Control Plane security](https://www.5gsec.com/tech/tech-5g-kubearmor) scenarios as well. |
| 5. **Relay** | ||
| - Aggregates logs from `Daemonset` and acts as a communication channel between `Daemonset` and external tools. | ||
|
|
||
| 6. **kArmor CLI** |
There was a problem hiding this comment.
Suggested change
| 6. **kArmor CLI** | |
| 6. **karmor CLI** |
Comment on lines
+207
to
+208
| - [Open SSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5401). | ||
| - [Open SSF Scorecard](https://securityscorecards.dev/viewer/?uri=github.com/kubearmor/KubeArmor). |
There was a problem hiding this comment.
Suggested change
| - [Open SSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5401). | |
| - [Open SSF Scorecard](https://securityscorecards.dev/viewer/?uri=github.com/kubearmor/KubeArmor). | |
| - [OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5401). | |
| - [OpenSSF Scorecard](https://securityscorecards.dev/viewer/?uri=github.com/kubearmor/KubeArmor). |
35 tasks
|
@daemon1024 , can you please handle the checks failures? Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The initial self-assessment for KubeArmor (#1372)
Authors: @daemon1024