cloud-native-security-inspector
cloud-native-security-inspector copied to clipboard
vmware-tanzu
This project scans and assesses workloads in Kubernetes at runtime. It can apply protection rules to workloads to avoid further risks as well.
**Is your feature request related to a problem? Please describe.** No **Describe the solution you'd like** Users of Cloud-native security inspector would like to detect threats at runtime by observing...
Resource collector's duty is to collect the data from the securiy insepctors of every demensions. Such as image scanners, k8s misconfigurations and runtime intrutions. For single-cluster architechture, resource collector can:...
Before resource collecter is implemented, we still need to keep the current cronjob way for image scanner. After the resource collector is implemented, we can let it to: 1. Read...
The risk scanner actually plays the role of Analyst. It combines the information of the image scanner report and the service configurations of the workloads. Then provide security insights for...
Currently we have several different decoupled components, they have seperated dockerfiles but they share the same go.mod file. This doesn't make sense because some unnecessary dependencies will be built into...
**Environment** Platform: minikube (Not specific to platform) Kubernetes/Platform Version(s): **Describe the bug** In the inspectionPolicy setting the invalid "settingsName" is not throwing any error. There was no cronJob getting created....
**Describe the solution you'd like** For now, scanning in this project is triggered by cronjobs periodically. In this case, the changes such as workload creation/termination/update during the scanning interval will...
**Describe the solution you'd like** After the vulnerabilities are caught, we can offer a WAF(run as a sidecar container to the workload container) to partially hijack the network traffic to...
**Describe the solution you'd like** We'd like a solution to identify which components are loaded in workloads containers, so the attack surface or vulnerability exploitation can be narrowed down. At...
**Is your feature request related to a problem? Please describe.** No **Describe the solution you'd like** Currently, Project Narrows is a policy-based(rule-based) system that helps users to identify violations and...
Metadata
Owner
Metadata
This project scans and assesses workloads in Kubernetes at runtime. It can apply protection rules to workloads to avoid further risks as well.