feat: KubeArmor based Github Action #1128
Comments
|
Hi, @Ankurk99 I am a master from SEL laboratory of Zhejiang University, familiar with cloud native, kubernetes, docker, github action, Go. I am very interested in this issue and hope to participate in the community through this issue. I love open source. As a Sealer member(also a project under CNCF), I was responsible for implementing Sealer E2E test infra from ecs to containers, through this work, I became more familiar with CI, github action, k8s and docker. And I also participated in a ebpf project. Therefore, I think this project is quite suitable for me. I plan to apply for GSOC 2023 and apply for this project. Could you have more suggestions to help me get started? |
|
Hi @Ankurk99 ,I am also interested in this project,also familiar cloud native kubernetes, docker, github action. I am sealos(base on sealer,but have 10k star) contributor,have 34 commit . I was responsible for implementing Sealos E2E test CRD in github action, wirte CRD design docs and implement it,through this work, I became more familiar with CI, github action and k8s andCRD.I also plan to join GSOC 2023. @zhy76 bro, We have so many similarities, so destined.Nice to meet you.Let's make progress together. |
@zhy76 hi, |
|
Hey @zhy76 @xiao-jay, Welcome to KubeArmor. I am glad that you are interested in the project and want to take it as your GSoC project. |
Thanks, I'll try! |
Thanks, nice to meet you! |
|
After some research, let me try to understand what we need to do with this project. We need to create a CI test for KubeArmor when some app changed, we need to highlighted the new app behavior and generate runtime security policies for this new app. Am I right? As far as I know, my initial thoughts are as follows:
Am I understanding this correctly? :) @Ankurk99 |
|
Hi @Ankurk99 i have contributed to kubearmor previously as well and i really wanna take it forward for my GSOC project. Can you help me with this particular issue? I have understood the basics of kubearmor, and I will try to work on this issue, but i might require some help. Thank you! |
|
Hey folks. Thanks a lot for the interest in the project. We look forward to your proposals in the next 2 weeks. We can iterate over the proposals in the next 2 weeks and help you out gain more understanding about the issue and the project itself. That said really appreciate y'all taking efforts to contribute to the project and we look forward to working with you. We are available over Slack if you have any specific queries, Happy to help out. |
|
Is this issue still open or nearing its completion, I would like to contribute |
|
This issue is done at kubearmor-action, there are still some areas that need to be improved in this project. We welcome your suggestions and contributions to this project. Thank you :) |
The Problem
KubeArmor should be able to identify change in the application posture early in the dev life cycle. If the app changes results in new app behavior such as new process invocation or new file system access or new network connections, then the same has to be highlighted early in the application life cycle so that the security posture changes can be handled accordingly.
The solution
karmor summaryprovides a way to verify the application behavior. The aim would be to baseline the application behavior and check for any deviation during subsequent application updates.(Note: It is not expected that the UI look exactly like this, but something similar where the user can figure out what is the change in the application behavior).
Feature Request
Create a Github Action utilizing KubeArmor and Discovery engine to generate runtime security policies
CC: @nyrahul @daemon1024 @kranurag7
The text was updated successfully, but these errors were encountered: