scratch
Definition
In the context of software development and security, “scratch” refers to starting a project or process from the beginning, without using any pre-existing code or configurations. This approach can be beneficial for ensuring that security best practices are integrated from the outset, as it allows developers to design systems with security in mind, rather than retrofitting security measures onto existing systems.
Secure Settings Example
# Kubernetes securityContext example for a secure pod configuration
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    # Pod-level setting: applies to every container in the pod
    runAsNonRoot: true
  containers:
  - name: secure-container
    image: secure-image:latest
    securityContext:
      # These two fields exist only at container level, not in the pod-level securityContext
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
Insecure Settings Example
# Kubernetes securityContext example with insecure settings
apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  securityContext:
    # Pod-level setting: containers are allowed to run as root
    runAsNonRoot: false
  containers:
  - name: insecure-container
    image: insecure-image:latest
    securityContext:
      # These two fields exist only at container level, not in the pod-level securityContext
      readOnlyRootFilesystem: false
      allowPrivilegeEscalation: true
      capabilities:
        add:
        - NET_ADMIN
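Audit Example
The following check is an added example, not part of the original entry: it reports, per container, which of the settings from the two manifests above are missing or weak in a parsed Pod manifest (for instance the output of kubectl get pod -o json). The function names and the sample pods are constructed for illustration; the third sample sets only the pod-level field to show that leaving the container fields unset is still reported.

```python
def audit_pod(pod):
    """Return findings for every container in a Pod manifest (parsed JSON/YAML dict)."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        # A container-level runAsNonRoot overrides the pod-level value.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        # Unset readOnlyRootFilesystem means the root filesystem is writable.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
        # Unset allowPrivilegeEscalation does not block escalation; require explicit false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: does not drop ALL capabilities")
        for cap in caps.get("add") or []:
            findings.append(f"{name}: adds capability {cap}")
    return findings


def make_pod(run_as_non_root, container_sc):
    """Build a constructed one-container Pod manifest for the samples below."""
    return {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
            "spec": {"securityContext": {"runAsNonRoot": run_as_non_root},
                     "containers": [{"name": "app", "image": "example:latest",
                                     "securityContext": container_sc}]}}


# Constructed samples carrying the same settings as the two manifests above,
# plus one that sets only the pod-level field and leaves the rest unset.
SECURE = make_pod(True, {"readOnlyRootFilesystem": True,
                         "allowPrivilegeEscalation": False,
                         "capabilities": {"drop": ["ALL"]}})
INSECURE = make_pod(False, {"readOnlyRootFilesystem": False,
                            "allowPrivilegeEscalation": True,
                            "capabilities": {"add": ["NET_ADMIN"]}})
DEFAULTS = make_pod(True, None)

if __name__ == "__main__":
    for label, manifest in [("secure", SECURE), ("insecure", INSECURE),
                            ("defaults", DEFAULTS)]:
        print(label, audit_pod(manifest) or "no findings")
```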