Operations | Monitoring | ITSM | DevOps | Cloud

October 2020

sysdig

SOC 2 compliance for containers and Kubernetes security

Oct 27, 2020 By Vicente Herrera García In Sysdig

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institute of Certified Public Accountants (AICPA).

Read Post
sysdig

Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log

Oct 26, 2020 By Kaizhe Huang In Sysdig

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using ceph cluster as storage class, with logging level set to four or above in kube-controller-manager. In that case, your ceph user credentials will be leaked in the cloud-controller-manager‘s log.

Read Post
sysdig

What's new in Sysdig - October 2020

Oct 22, 2020 By Chris Kranz In Sysdig

Welcome to another monthly update on what’s new from Sysdig! This month, our big announcement was around CloudTrail and Fargate scanning support. CloudTrail support gives Sysdig Secure the ability to ingest CloudTrail events. These get fed into the runtime security engine, where rules can be created using the Falco rules language.

Read Post
sysdig

Understanding and mitigating CVE-2020-8563: vSphere credentials leak in the cloud-controller-manager log

Oct 16, 2020 By Kaizhe Huang In Sysdig

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8563 if you created a Kubernetes cluster over vSphere, and enabled vSphere as a cloud provider with logging level set to 4 or above. In that case, your vSphere user credentials will be leaked in the cloud-controller-manager‘s log.

Read Post
sysdig

How to monitor kube-proxy

Oct 15, 2020 By Víctor Jiménez Cerrada In Sysdig

In this article, you will learn how to monitor kube-proxy to ensure the correct health of your cluster network. Kube-proxy is one of the main components of the Kubernetes control plane, the brains of your cluster. One of the advantages of Kubernetes is that you don’t worry about your networking or how pods physically interconnect with one another. Kube-proxy is the component that does this work.

Read Post
sysdig

K3s + Sysdig: Deploying and securing your cluster... in less than 8 minutes!

Oct 13, 2020 By Dan Papandrea In Sysdig

As Kubernetes is eating the world, discover an alternative certified Kubernetes offering called K3s, made by the wizards at Rancher. K3s is gaining a lot of interest in the community for its easy deployment, low footprint binary, and its ability to be used for specific use cases that the full Kubernetes may be too advanced for. K3s is a fully CNCF (Cloud Native Computing Foundation) certified Kubernetes offering.

Read Post

Webinar: Exploring Kubernetes 1.18 with Alex Ellis

Oct 13, 2020 By Sysdig In Sysdig
With the release of Kubernetes 1.18, we saw 40 features and updates added. In a recent blog post we collated these together in one place so that you can learn what may affect your clusters and prepare for change. Now, we go one step further, inviting Alex Ellis, CNCF Ambassador and Open Source project founder to share his take on the changes. We saw Alex’s in-depth article on the recent deprecations around “kubectl run” and asked him to pick four of his highlights to share with examples.
View Video
sysdig

Image scanning for Google Cloud Build

Oct 6, 2020 By Vicente Herrera García In Sysdig

In this article, you will learn how to add inline image scanning to a Google Cloud Build pipeline using the Sysdig Secure DevOps platform. We will show you how to create a basic workflow to build your container image, scan the image, and push it to a registry. We will also customize scanning policies to stop the build if a high-risk vulnerability is detected.

Read Post

CNCF Webinar: Critical DevSecOps considerations for Multicloud Kubernetes

Oct 2, 2020 By Sysdig In Sysdig
The distributed nature of Kubernetes has turned both legacy infrastructure and traditional cybersecurity approaches on their heads. Organizations building cloud-native environments in their own data centers grapple with operationalizing and scaling Kubernetes clusters, and then ensuring system-wide security from the infrastructure layer all the way up to each container. In this webinar, you’ll hear from two cloud-native experts in infrastructure and security who will offer up valuable insights on.
View Video

CNCF Webinar: Getting started with container runtime security using Falco

Oct 2, 2020 By Sysdig In Sysdig
Protect Kubernetes? As Kubernetes matures, security is becoming an important concern for both developers and operators. In this talk, Loris Degioanni (CTO and Founder @Sysdig) will give an overview of cloud native security, discuss its different aspects, with particular focus on runtime, and explain what inspired the development of Falco, the CNCF container security project. Through demonstration, he will educate the CNCF community on the ways Falco is being used for real-world workloads. Lastly, he will share the latest on Falco’s adoption, maturation within CNCF and what’s on the horizon.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.