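Scanning k8s Manifests and Helm Charts
Just like Dockerfiles, the various Kubernetes runtime resource templates also need security scanning.
Installing Checkov
Install it the same way as described in the Dockerfile static scanning procedure.
Scanning a Manifest file
# A very simple manifest that defines a Service and a Deployment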
[root@jenkins-bj-ali-ql1 tmp]# cat nginx.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  type: ClusterIP
  selector:
    app: nginx
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
[root@jenkins-bj-ali-ql1 tmp]# checkov -f nginx.yaml --quiet --compact --skip-results-upload --framework kubernetes
kubernetes scan results:
Passed checks: 67, Failed checks: 22, Skipped checks: 0
Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: Service.default.nginx
File: /nginx.yaml:1-15
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
Check: CKV_K8S_13: "Memory limits should be set"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34.html
Check: CKV_K8S_12: "Memory requests should be set"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
Check: CKV_K8S_15: "Image Pull Policy should be Always"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14.html
Check: CKV_K8S_11: "CPU limits should be set"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
Check: CKV_K8S_30: "Apply security context to your containers"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28.html
Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35.html
Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21.html
Check: CKV_K8S_8: "Liveness Probe Should be Configured"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7.html
Check: CKV_K8S_29: "Apply security context to your pods and containers"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers.html
Check: CKV_K8S_9: "Readiness Probe Should be Configured"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8.html
Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37.html
Check: CKV_K8S_10: "CPU requests should be set"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
Check: CKV_K8S_43: "Image should use digest"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19.html
Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29.html
Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13.html
Check: CKV_K8S_23: "Minimize the admission of root containers"
FAILED for resource: Deployment.default.nginx
File: /nginx.yaml:16-37
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22.html
Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy"
FAILED for resource: Pod.default.nginx.app-nginx
File: /nginx.yaml:16-37
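There are too many findings to go through one by one. They show how fragile the resource files we casually use every day really are, and closing those gaps is exactly why we are improving our security.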
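Most of the failed checks above map to a handful of manifest fields. The following hardened variant of the Deployment, plus a NetworkPolicy, is an added example and not part of the original post; the namespace `web`, the `nginxinc/nginx-unprivileged` image on port 8080, UID 10001 and the resource figures are assumptions, and the tag and digest are placeholders to fill in.

```yaml
# Added example: hardened variant of the nginx Deployment shown above.
# Assumptions (not from the original page): namespace "web", UID 10001,
# the nginxinc/nginx-unprivileged image listening on 8080, resource sizes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  namespace: web                            # CKV_K8S_21: not the default namespace
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      automountServiceAccountToken: false   # CKV_K8S_38
      securityContext:                      # CKV_K8S_29: pod-level context
        runAsNonRoot: true                  # CKV_K8S_23
        runAsUser: 10001                    # CKV_K8S_40: high UID
        seccompProfile:
          type: RuntimeDefault              # CKV_K8S_31
      containers:
        - name: nginx
          # CKV_K8S_14 / CKV_K8S_43: pin a fixed tag and digest (placeholders)
          image: nginxinc/nginx-unprivileged:<TAG>@sha256:<DIGEST>
          imagePullPolicy: Always           # CKV_K8S_15
          ports:
            - containerPort: 8080
          securityContext:                  # CKV_K8S_30: container-level context
            allowPrivilegeEscalation: false # CKV_K8S_20
            readOnlyRootFilesystem: true    # CKV_K8S_22
            capabilities:
              drop: ["ALL"]                 # CKV_K8S_28 / CKV_K8S_37
          resources:
            requests: {cpu: 100m, memory: 64Mi}   # CKV_K8S_10 / CKV_K8S_12
            limits: {cpu: 500m, memory: 128Mi}    # CKV_K8S_11 / CKV_K8S_13
          livenessProbe:                    # CKV_K8S_8
            httpGet: {path: /, port: 8080}
          readinessProbe:                   # CKV_K8S_9
            httpGet: {path: /, port: 8080}
          volumeMounts:
            - {name: tmp, mountPath: /tmp}  # writable scratch dir (assumed enough for this image)
      volumes:
        - name: tmp
          emptyDir: {}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy                         # CKV2_K8S_6: a policy that selects the pod
metadata:
  name: nginx
  namespace: web
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes: ["Ingress"]
  ingress:
    - ports:
        - {protocol: TCP, port: 8080}
```

The Service from the original manifest would additionally need `namespace: web` and `targetPort: 8080`. Re-running the same `checkov -f` command against the edited file shows which checks still fail.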
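Scanning a Helm chart
Helm's documentation is quite good and shows many ways of writing templates to meet all kinds of needs. I strongly recommend that everyone read through it.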
https://helm.sh/zh/docs/chart_template_guide/getting_started/
# Initialize a new chart directly with the helm command
[root@jenkins-bj-ali-ql1 tmp]# helm create ikun
Creating ikun
[root@jenkins-bj-ali-ql1 tmp]# ll ikun/
total 16
drwxr-xr-x 2 root root 4096 Jul 19 16:42 charts
-rw-r--r-- 1 root root 1140 Jul 19 16:42 Chart.yaml
drwxr-xr-x 3 root root 4096 Jul 19 16:42 templates
-rw-r--r-- 1 root root 1871 Jul 19 16:42 values.yaml
[root@jenkins-bj-ali-ql1 tmp]# checkov -d ikun --quiet --compact --skip-results-upload --framework helm
helm scan results:
Passed checks: 141, Failed checks: 34, Skipped checks: 0
Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: Service.default.release-name-ikun
File: /ikun/templates/service.yaml:3-22
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: ServiceAccount.default.release-name-ikun
File: /ikun/templates/serviceaccount.yaml:3-12
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
Check: CKV_K8S_13: "Memory limits should be set"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34.html
Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
Check: CKV_K8S_15: "Image Pull Policy should be Always"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14.html
Check: CKV_K8S_11: "CPU limits should be set"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35.html
Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21.html
Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37.html
Check: CKV_K8S_43: "Image should use digest"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19.html
Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29.html
Check: CKV_K8S_23: "Minimize the admission of root containers"
FAILED for resource: Deployment.default.release-name-ikun
File: /ikun/templates/deployment.yaml:3-47
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22.html
Check: CKV_K8S_13: "Memory limits should be set"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34.html
Check: CKV_K8S_12: "Memory requests should be set"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
Check: CKV_K8S_21: "The default namespace should not be used"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
Check: CKV_K8S_11: "CPU limits should be set"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
Check: CKV_K8S_30: "Apply security context to your containers"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28.html
Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35.html
Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21.html
Check: CKV_K8S_8: "Liveness Probe Should be Configured"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7.html
Check: CKV_K8S_29: "Apply security context to your pods and containers"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers.html
Check: CKV_K8S_9: "Readiness Probe Should be Configured"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8.html
Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37.html
Check: CKV_K8S_10: "CPU requests should be set"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
Check: CKV_K8S_43: "Image should use digest"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19.html
Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29.html
Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13.html
Check: CKV_K8S_23: "Minimize the admission of root containers"
FAILED for resource: Pod.default.release-name-ikun-test-connection
File: /ikun/templates/tests/test-connection.yaml:3-21
Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22.html
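The findings flood the screen. The default chart evidently is not good enough, and it is still a long way from something we could actually use in production.
Integrating with a Jenkins pipeline
As with Dockerfiles, we do not need to scan these basic, fixed resources on every pipeline run. Scanning after each change to make sure there are no problems is enough.
Other Kubernetes scanning tools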
Checkov
Terrascan
KubeLinter
Kyverno
Kubewarden
Gatekeeper