We are at BLACKHATUSA2022, come see us at #IC75,check out our BlackHAT training sessions

Kubernetes Static Analysis Smackdown

February 21, 2022
Kubernetes Static Analysis Smackdown - TerraScan, Checkov, Kube-Linter & KubeSec | Way of the Future

Kubernetes #YAML Manifests are the backbone of deploying on Kubernetes. However, you can introduce several security vulnerabilities that can lead to your Kubernetes Cluster getting compromised, through Security Misconfigurations.YAML Manifest Linters or Static Analysis tools help us identify security issues with our Kubernetes Manifests. If we identify issues early in our #CI/#CD Pipeline with tools, we can fix issues early, before they even become issues.In this segment of AppSecEngineer's "Way of the Future", Abhay Bhargav compares 4 Kubernetes Static Analysis or Linting tools from a Security Perspective.These Tools are:* Terrascan from Accurics* Kube-Linter from StackRox* Checkov from BridgeCrew* KubeSec from ControlPlane.ioAll of these tools are Open-Source and are meant to do analysis of Kubernetes Manifests for security vulnerabilities.

Abhay Bhargav

Abhay Bhargav

Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA. He loves golf (don't get him started).