Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Adopting a fine-grained policy-as-code authorization approach based on Open Policy Agent (OPA)– the leading open-source policy engine– is a huge step forward in building microservices applications that run reliably and securely.

As you probably know by now, PodSecurityPolicy has been deprecated from Kubernetes for over a year, since the release of Kubernetes 1.21. In short PSP was an admission controller that let cluster managers control security by managing pod-specific policy. Like most other admission controllers, PSP could specify requirements one must meet to enter a pod, and deny any requests which don’t meet that requirement. In rare cases, PSP could also modify pod fields, changing requirements for access.

Scanning a container image for vulnerabilities or misconfigurations on your GitLab CI/CD using Sysdig Secure is a straightforward process. This article demonstrates a step-by-step example of how to do it. The following proof of content showcased how to leverage the sysdig-cli-scanner with GitLab CI/CD. Although possible, this procedure is not officially supported by Sysdig, so we recommend checking the documentation to adapt these steps to your environment.

GitOps is a popular framework for managing and securing the application development pipeline. For many who have embarked on a GitOps journey, a common question is: “how can I secure my pipeline when everything is automated?” The GitOps framework is a concept where any code commits or changes are done through Git, which then triggers an automated pipeline that builds and deploys applications on Kubernetes.

Authentication and authorization are two complementary and critical parts of securing cloud-native applications and infrastructure. Yet, there can be some confusion between these terms. The importance of cybersecurity approaches, such as Zero Trust and the principle of least privilege, make it critical to understand and implement appropriate authorization and authentication processes across cloud-native development.

A Denial-of-Service (DoS) is an attack meant to shut down a machine or network, making it inaccessible to its intended users, so dos Kubernetes is a potential target. In the case of Distributed Denial-of-Service (DDoS), the attacker will look to maintain some form of anonymity so their activities cannot be traced. They can route traffic through Tor and VPN infrastructure to scan, attack, or compromise the target, while maintaining anonymous communications.