1) The document discusses a three-step process for securing Helm charts: define security requirements, use policy as code to encode the requirements, and implement guardrails such as scans to ensure the requirements are met.
2) It provides examples of writing Rego policy that checks for secrets in environment variables, privilege escalation settings, and running as root.
3) Tools like Terrascan can scan Helm charts and infrastructure as code for policy violations and be integrated into CI/CD pipelines to prevent insecure configurations from being deployed.
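An added example, not taken from the slides: one way the three checks named in the summary (secrets in environment variables, privilege escalation, running as root) could be written as Rego. It assumes OPA evaluates a single rendered Deployment manifest (for instance the output of `helm template`, converted to JSON) as `input`; the package name, rule names and the secret-name pattern are illustrative assumptions.

```rego
package helm.security

import rego.v1

# Assumption: input is one rendered Deployment; only regular containers are checked.
containers contains c if {
	some c in input.spec.template.spec.containers
}

# Assumption: variable names that suggest a credential. Tune for your charts.
secret_name_pattern := `(?i)(password|passwd|secret|token|api[_-]?key)`

# Requirement 1: credentials must not be literal env values.
# Entries that use valueFrom.secretKeyRef have no "value" field and pass.
deny contains msg if {
	some c in containers
	some e in c.env
	regex.match(secret_name_pattern, e.name)
	e.value != ""
	msg := sprintf("container %s: env var %s holds a literal value, use a secretKeyRef", [c.name, e.name])
}

# Requirement 2: allowPrivilegeEscalation must be set to false explicitly.
# A missing field is treated as true, so an unset value is also reported.
deny contains msg if {
	some c in containers
	object.get(c, ["securityContext", "allowPrivilegeEscalation"], true) != false
	msg := sprintf("container %s: allowPrivilegeEscalation is not set to false", [c.name])
}

# Requirement 3: containers must not run as root.
# The container-level setting overrides the pod-level one; unset means false.
effective_run_as_non_root(c) := v if {
	v := c.securityContext.runAsNonRoot
} else := v if {
	v := input.spec.template.spec.securityContext.runAsNonRoot
} else := false

deny contains msg if {
	some c in containers
	effective_run_as_non_root(c) != true
	msg := sprintf("container %s: runAsNonRoot is not true at container or pod level", [c.name])
}
```

An empty `deny` set means the manifest meets all three requirements; a CI guardrail would fail the build when the set is non-empty.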
Policy as code: what Helm developers need to know about security
1. Policy as code: What Helm Developers Need to Know About Security
Cesar Rodriguez
Head of Developer Advocacy
2. CNCF Survey 2020 / Photo by CHUTTERSNAP on Unsplash
92% of organizations using containers in production
83% of organizations using Kubernetes in production
14. Security Risk Categories
Data Protection: Enforcing encryption helps protect data traversing network boundaries and at rest.
Access Management: Access to cloud resources should be controlled, enforcing least privilege and avoiding accidental public exposure.
Network Security: Security controls should be applied at the network layer to prevent unintended exposure.
Visibility: Ensuring logging and monitoring of cloud systems is enabled and accessible to the security team.