Container/Artifact Analysis
Definition
Container/Artifact Analysis involves the examination of container images and software artifacts to identify vulnerabilities, misconfigurations, and compliance issues. This process typically includes scanning for known vulnerabilities in software dependencies, checking for outdated packages, and ensuring that security best practices are followed in the configuration of the container or artifact. The goal is to ensure that the container or artifact is secure before deployment into production environments.
Secure Settings Example
# Example of a secure Kubernetes Pod securityContext
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    runAsNonRoot: true          # pod-level: applies to every container in the pod
  containers:
  - name: secure-container
    image: secure-image:latest
    securityContext:
      # readOnlyRootFilesystem and allowPrivilegeEscalation are container-level
      # fields; they are not accepted in the pod-level securityContext
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL                   # start from no Linux capabilities at all
Insecure Settings Example
# Example of an insecure Kubernetes Pod securityContext
apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  securityContext:
    runAsNonRoot: false         # container may run as UID 0
  containers:
  - name: insecure-container
    image: insecure-image:latest
    securityContext:
      # the same two fields, here at the container level where they are valid
      readOnlyRootFilesystem: false      # writable root filesystem
      allowPrivilegeEscalation: true     # setuid binaries can gain privileges
      capabilities:
        add:
        - NET_ADMIN             # extra capability granted, none dropped
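The configuration checks described in the definition, as an added example that is not part of the original page: a small Python analyser run over the two manifests above, already parsed into dicts (the shape PyYAML's yaml.safe_load returns). The image-pinning check is an added heuristic not stated in the original text.

```python
from typing import Any, Dict, List

# Container-level values the analyser requires (taken from the secure example).
EXPECTED = {
    "runAsNonRoot": True,
    "readOnlyRootFilesystem": True,
    "allowPrivilegeEscalation": False,
}

def analyze_pod(manifest: Dict[str, Any]) -> List[str]:
    """Return findings as "container: message" strings for one parsed Pod manifest."""
    findings: List[str] = []
    spec = manifest.get("spec") or {}
    pod_ctx = spec.get("securityContext") or {}
    for c in spec.get("containers") or []:
        name = c.get("name", "<unnamed>")
        ctx = c.get("securityContext") or {}
        # Container settings override pod-level ones (only runAsNonRoot is valid at both).
        effective = {**pod_ctx, **ctx}
        for key, want in EXPECTED.items():
            got = effective.get(key)
            if got != want:
                findings.append(f"{name}: {key} is {got!r}, expected {want!r}")
        caps = ctx.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        for cap in caps.get("add") or []:
            findings.append(f"{name}: adds capability {cap}")
        # Heuristic (assumption, not from the page): require a digest or a non-latest tag.
        image = c.get("image", "")
        ref = image.rsplit("/", 1)[-1]
        if "@sha256:" not in image and (":" not in ref or ref.endswith(":latest")):
            findings.append(f"{name}: image {image!r} is not pinned by digest or fixed tag")
    return findings

# Constructed input: the two manifests above, as yaml.safe_load would return them.
SECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"}, "spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "secure-container", "image": "secure-image:latest", "securityContext": {
        "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]}}}]}}
INSECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-pod"}, "spec": {
    "securityContext": {"runAsNonRoot": False},
    "containers": [{"name": "insecure-container", "image": "insecure-image:latest", "securityContext": {
        "readOnlyRootFilesystem": False, "allowPrivilegeEscalation": True,
        "capabilities": {"add": ["NET_ADMIN"]}}}]}}

if __name__ == "__main__":
    for pod in (SECURE_POD, INSECURE_POD):
        print(pod["metadata"]["name"], analyze_pod(pod))
```

The insecure pod produces six findings; the secure pod produces only one, for its mutable `:latest` tag, which the page's definition (checking for outdated packages) is the reason to pin.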