Kubernetes Quick Hits: Use SecurityContext to drop unnecessary Linux Capabilities
In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about Linux Capabilities and why you probably can run with none of them enabled. Linux Capabilities is item number six from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!
Snyk’s IaC scanning tools can help you find where you may be using this setting–as well as many other possible issues–absolutely free by signing up at https://snyk.io/signup and start scanning your repos today.
Tools and topics mentioned in the video:
- Linux capabilities blog by Matt Jarvis: https://snyk.io/blog/kubernetes-securitycontext-linux-capabilities/
- 2-part Linux Capabilities blog series by Adrian Mouat:
- https://blog.container-solutions.com/linux-capabilities-why-they-exist-and-how-they-work
- https://blog.container-solutions.com/linux-capabilities-in-practice
- Security Context Cheat-Sheet by Eric Smalling and Matt Jarvis: https://snyk.co/udAoX
- Snyk IaC: https://snyk.io/product/infrastructure-as-code-security/
Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Learn more about Snyk http://bit.ly/snyk-io
📱Social Media📱
___________________________________________
Twitter: https://twitter.com/snyksec
Facebook: https://www.facebook.com/snyksec
LinkedIn: https://www.linkedin.com/company/snyk
Website: https://snyk.io/