awesome-kubernetes/docs/devsecops.md

Security and DevSecOps. Container Security

• Introduction
• Kubernetes Config Security Threats
• Multi-Level Security (MLS) vs Multi-Category Security (MCS). Make Secure Pipelines with Podman and Containers
• Project Calico
• keycloak
• Security Patterns for Microservice Architectures
• Anchore Container Security Solutions for DevSecOps
  • Secure Container Based CI/CD Workflows
  • Securing Kubernetes With Anchore
• GitHub security
• Databases in DMZ and Intranet
• Removing Credentials From Git Repo
• Manage your secrets in Git with SOPS for Kubernetes
• Pentesting
• GitOps Secret Management
  • HashiCorp Vault
  • Alternatives
• Serverless Security Best Practices

Introduction

• fiercesw.com: DevOps vs DevSecOps
• devopszone.info: DevSecOps Explained
• linkedin: Dear Google, my data has left your building!
• snyk.io: The State of Open Source Security 2020

Kubernetes Config Security Threats

• cncf.io: Identifying Kubernetes Config Security Threats: Pods Running as Root
• mirantis.com: Introduction to Istio Ingress: The easy way to manage incoming Kubernetes app traffic Leaving your cluster exposed can be risky. That's why you need Istio Ingress, which only exposes the part that handles incoming traffic & allows routing rules based on routes, headers, IP addresses and more.

Multi-Level Security (MLS) vs Multi-Category Security (MCS). Make Secure Pipelines with Podman and Containers

• Why you should be using Multi-Category Security (MCS) for your Linux containers
• Using Podman and Containers to make a more secure pipeline

Project Calico

• Project Calico Secure networking for the cloud native era

keycloak

• keycloak.org Open Source Identity and Access Management For Modern Applications and Services

Security Patterns for Microservice Architectures

• Security Patterns for Microservice Architectures

Anchore Container Security Solutions for DevSecOps

• Anchore Container image inspection and policy-based compliance

Secure Container Based CI/CD Workflows

• Secure Container Based CI/CD Workflows
• Jenkins Plugin: Anchore Container Image Scanner

Securing Kubernetes With Anchore

• Securing Kubernetes With Anchore

GitHub security

• GitHub security: what does it take to protect your company from credentials leaking on GitHub? 🌟

Databases in DMZ and Intranet

• Databases in DMZ and Intranet

Removing Credentials From Git Repo

• medium: The Easiest Way To Remove Checked In Credentials From A Git Repo

Manage your secrets in Git with SOPS for Kubernetes

• dev.to: Manage your secrets in Git with SOPS for Kubernetes 🌟

Pentesting

• forbes.com: DevOps Drives Pentesting Delivered As A Service

GitOps Secret Management

HashiCorp Vault

• vaultproject.io Manage Secrets and Protect Sensitive Data. Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
• medium: Coding for Secrets Reliability with HashiCorp Vault
• hashicorp.com: Vault & Kubernetes: Better Together
• OpenShift Blogs:
  • https://www.openshift.com/blog/managing-secrets-openshift-vault-integration
  • https://www.openshift.com/blog/vault-integration-using-kubernetes-authentication-method
  • https://www.openshift.com/blog/integrating-vault-with-legacy-applications
  • https://www.openshift.com/blog/integrating-hashicorp-vault-in-openshift-4

Alternatives

• GitOps secret management with bitnami-labs Sealed Secret and GoDaddy Kubernetes External Secrets

Serverless Security Best Practices

• 10 Serverless security best practices