Authored by Alfredo García, R&D Manager at VMware

Bitnami’s Sealed Secrets has been a popular GitOps Secret Management solution ever since its launch back in 2017. With 5.4K stars and more than a million downloads per month, this project has a lot of traction and is widely adopted amongst the open-source community.

The Bitnami by VMware team encourages and fosters collaboration with university institutions. Examples of such collaborations can be found in the more than 20 training sessions delivered by our experts during this year's VMware Multi-cloud Academy. While we regularly collaborate with institutions, opportunities to collaborate directly with computer science students are few and far between. For this reason, when Aix-Marseille University approached us with an offer to collaborate with some of their Reliability and IT Security Master’s Degree students, we quickly jumped on the idea. This proposal was translated into a two-month collaboration period in which several important features have been implemented in the Sealed Secrets project.

The collaboration started early in 2022 with some meetings with the faculty responsible for the Master’s Degree in Reliability and IT Security of the Aix-Marseille University, in order to define the scope and the approach of our cooperation. We agreed that five students would incorporate their work on the Sealed Secrets project as a part of their final dissertation for the Master’s degree they were undertaking. Those students had neither a previous background in collaborating with open source projects nor any proven experience in developing with Golang.

To help them be more efficient, the Bitnami by VMware Sealed Secrets team provided a minimum onboarding plan. This plan included the set-up of a GitHub account, a brief introduction to the project contributing guidelines, and a list of recommended readings that could help them better understand Sealed Secrets design and purpose.

The collaboration lasted from March to April 2022, and during that time, the students took ownership of several tasks in our project backlog focusing mainly on solving security and software supply chain issues. All these tasks were closely related to the content of their Master’s degree curriculum, so they dealt with them efficiently. These activities were grouped into three major blocks:

- Static code analysis and vulnerability scanning.

Needless to say, the software supply chain is a big concern for any organization. Given the importance of the Sealed Secrets project within the Kubernetes Security area, it is essential to control our dependencies and to provide a solid provenance for our deliverables.

Because of that, we asked the students to incorporate cosign verifications over the Sealed Secrets distroless and base images. They also included a cosign signature for the Controller images, Kubeseal CLI, and for the project’s official Helm chart. These improvements will make it easier for our users to verify the provenance of Sealed Secrets once included in their clusters.

Static Code Analysis and Vulnerability Scanning

Static code analysis is a great way to detect inefficiencies or security concerns on a codebase. Additionally, vulnerability scanning is a critical step in any continuous integration (CI) pipeline. In our case, we decided to include two complementary tools within the project CI process: gosec and trivy. For this last integration, in particular, Sealed Secrets leverages VMware Image Builder verification capabilities so that vulnerabilities are detected as part of the project release process.