Michael Cade
GitHub
commit
d569e37e5e
@ -2,8 +2,8 @@
|
|||||||
|
|
||||||
In the previous two days we learned why and how to scan container images.
|
In the previous two days we learned why and how to scan container images.
|
||||||
|
|
||||||
However, usually our infrastucture consists of more than just container images.
|
However, usually our infrastructure consists of more than just container images.
|
||||||
Yes, our services wil run as containers, but around them we can also have other artifacts like:
|
Yes, our services will run as containers, but around them we can also have other artifacts like:
|
||||||
|
|
||||||
- Kubernetes manifests
|
- Kubernetes manifests
|
||||||
- Helm templates
|
- Helm templates
|
||||||
@ -12,7 +12,7 @@ Yes, our services wil run as containers, but around them we can also have other
|
|||||||
For maximum security, you would be scanning all the artifacts that you use for your environment, not only your container images.
|
For maximum security, you would be scanning all the artifacts that you use for your environment, not only your container images.
|
||||||
|
|
||||||
The reason for that is that even if you have the most secure Docker images with no CVEs,
|
The reason for that is that even if you have the most secure Docker images with no CVEs,
|
||||||
but run then on an insecure infrastrucure with bad Kubernetes configuration,
|
but run then on an insecure infrastructure with bad Kubernetes configuration,
|
||||||
then your environment will not be secure.
|
then your environment will not be secure.
|
||||||
|
|
||||||
**Each system is as secure as its weakest link.**
|
**Each system is as secure as its weakest link.**
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user