Use a tool to scan the k8s manifest and dockerfile #106

abhisheksr01 · 2021-10-12T10:18:51Z

Identity a security tooling to scan the k8s manifest (standard and helm charts) locally and Dockerfile for security recommendations.

abhisheksr01 · 2021-10-12T11:11:55Z

https://www.checkov.io/ seems to be a good candidate it's licensed under apache so free to use.

abhisheksr01 · 2021-10-12T13:25:34Z

Checkov has been added to the pipeline.
ToDo: Update the document to add info about the usage of tooling.

abhisheksr01 self-assigned this Oct 12, 2021

abhisheksr01 added the enhancement New feature or request label Oct 12, 2021

abhisheksr01 added a commit that referenced this issue Oct 12, 2021

feat(#106): add circleci job to scan IAM using checkov

31e9dce

abhisheksr01 added a commit that referenced this issue Oct 12, 2021

feat(#106): remove sudo from the command

b3ae213

abhisheksr01 added a commit that referenced this issue Oct 12, 2021

feat(config.ym, #106): fix checkov installation command

e0c0eac

abhisheksr01 added a commit that referenced this issue Apr 5, 2022

chore(#106): move checkov iac scan job to circleci scheduled workflow

b6db47b

abhisheksr01 added a commit that referenced this issue Jun 20, 2022

feat(#106): update README with devsecops intro

0fd6c77

abhisheksr01 added a commit that referenced this issue Jun 20, 2022

feat(#106): update README with snyk info

4671589

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use a tool to scan the k8s manifest and dockerfile #106

Use a tool to scan the k8s manifest and dockerfile #106

abhisheksr01 commented Oct 12, 2021

abhisheksr01 commented Oct 12, 2021

abhisheksr01 commented Oct 12, 2021

Use a tool to scan the k8s manifest and dockerfile #106

Use a tool to scan the k8s manifest and dockerfile #106

Comments

abhisheksr01 commented Oct 12, 2021

abhisheksr01 commented Oct 12, 2021

abhisheksr01 commented Oct 12, 2021