Secure Your Cluster With Gatekeeper Policy Agent

As your Kubernetes cluster grows, maintaining and enforcing configuration policies becomes a daunting task for Platform Engineers or Kubernetes Administrators. Ensuring practices such as avoiding the use of latest tags for containers, requiring specific labels, and permitting only containers from authorized registries can be challenging. Traditional approaches, like incorporating tests in your CI/CD pipeline, are valuable, but we all know the rush of development sometimes leads to overlooking these policies. With that said, do not remove the tests in your CI/CD pipeline; you want to detect misconfigurations as early as possible....

October 16, 2023 · 4 min · Emil Billberg

Verify Container Signatures Without Admission Controller

In a recent blog post from the Kubernetes blog, the author wrote about an exciting update that will change how we handle container security. Today, many platform engineers deploy an admission controller to verify the signature of a container. Now, with the release of CRI-O version 1.28, it is possible to do the signature verification directly in the container runtime. No more relying solely on admission controllers to prevent unsigned images from being deployed in your Kubernetes cluster....

October 2, 2023 · 2 min · Emil Billberg

Sign and Verify Containers With Ease

Cosign is an awesome tool used to sign and verify containers. In this post we will guide you through creating a container, pushing it to the registry, signing it, and finally verifying the signature. Developed by Sigstore in collaboration with industry giants like Google, GitHub, and many more, it is specifically designed to elevate the security of your software supply chain while ensuring scalability and privacy. With attacks like SolarWinds, it is more important than ever to have a secure software supply chain that doesn’t allow any tampering or forgery of the software inside your application....

September 25, 2023 · 3 min · Emil Billberg