Proposal for security overview page #2188
- RBAC | ||
- policies | ||
- runtime detection | ||
- cloud security posture | ||
- image scanning and provenance | ||
- secret mgmt within the cluster | ||
- traffic encryption |
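Review bot: the "policies" bullet does not say which kind of policy is meant, and "secret mgmt within the cluster" uses an abbreviation where the other bullets are written out. Suggest naming the policy type the page will cover and spelling out "secret management", so the outline reads consistently and each bullet maps to one capability.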
Should we also mention higher-level goals? The terms described here all fit well, and maybe they can be made into one or more reasonable diagrams to describe the threats and high-level goals.
Here's a short description to show what I mean:
For example, you want to prevent intrusion by attackers and the related loss of trust by end users. Therefore, security must be ensured at all times, including when software is already deployed and running on a cluster (runtime detection). Also, secure transport of data to and within clusters is essential (traffic encryption) or even mandated by regulation. To avoid social engineering attacks, users should have the least possible privileges (RBAC).
You are right, starting with the high-level goals would be better, and then break those down to point to the different capabilities we offer and could help toward these goals.
We haven't started on this doc yet 😅 but we will take that into consideration.
Co-authored-by: Andreas Sommer <andreas@giantswarm.io>
What this PR does / why we need it
Towards https://github.com/giantswarm/giantswarm/issues/30733
Things to check/remember before submitting
If you made content changes
- `make dev` to render and proofread content changes locally.
- `last_review_date` in the front matter header if you reviewed the entire page.