Ben Cressey

@etungsten, @zmrow, @arnaldo2792 - I'd like to get your thoughts too.

I agree that it would be nice to make these configurable in Bottlerocket. I came across this issue today when exploring what would be involved in dropping `CAP_NET_RAW` from the...

> I've got a third-party distoless container which is in need of adjusted ulimits. @nairb774 if I understand correctly, the application doesn't have the logic to raise its own limit,...

Yes, in particular I'd like a way to drop `CAP_NET_RAW` by default, without requiring every pod spec to do that.

We're working with the AWS Inspector team to add first-class support for Bottlerocket - meaning that its vulnerability scan would be aware of our [security advisories](https://github.com/bottlerocket-os/bottlerocket/security/advisories?state=published) and flag nodes that...

It's tentatively slotted into the 1.10.0 release, roughly August. Please let me know if that doesn't work for you since we can try to account for that in the relative...

@misterek it looks like Inspector support will arrive by end of September, though that's gated on internal release processes that can be hard to predict. You'd asked earlier about new...

1.9.2 is the most recent release as of today. 1.10.0 should be out soon, and will bring its own set of non-critical security fixes.

FIPS compliance is our second most requested feature, behind CIS (which is in progress), and I'm planning to focus on it once the CIS benchmark is complete. There are (at...

My heartfelt apologies, @diranged - the 2 AM page is certainly not the sort of experience I want anyone to have. I need to dig into the two errors. In...