Falco Rocks

-

Rock Me, Amadeus?

No, not this one, this one. A few years back, I came across the Falco project and, at the time, was impressed with its runtime scanning, which was less mainstream with the masses. Fast forward to today, and the adoption of microservices has exponentially increased with no end in sight.


As many of us move towards the microservices of the world and increase adoption, this area becomes increasingly lucrative to the bad guys. When our platform released our Runtime and Workload Security I started migrating my workloads and adopting more and more image and container assurance controls for my private and public workflows.  

Not because of one versus the other, but because of consolidation and fluidity with my workloads and sanity :). I think many of us can agree it's becoming increasingly difficult to manage where we are heading with the plethora of great specific solutions, but the tradeoff of managing and maintaining was not an option. I needed consolidation. 

To read more about CoudGuards Workload Security, visit the product page

Examples of runtime findings and using admission control to carry out enforcement. Speaking of Admission Control, wrote a little diddy about it here.




With that said, I have much love for my Open Source community, and thank you, Sysdig, for such a great security solution that we can all benefit from! 

Read more about Falco by visiting their GitHub.
The Falco Project, created by Sysdig, is an incubating CNCF open-source cloud-native runtime security tool. Falco makes it easy to consume kernel events and enrich them with information from Kubernetes and the rest of the cloud-native stack. Falco can also be extended to other data sources by using plugins. Falco has a rich set of security rules specifically built for Kubernetes, Linux, and cloud-native. If a rule is violated in a system, Falco will send an alert notifying the user of the violation and its severity.




Popular

Federated user activity made easy

-
Image
 Federated user activity made easy. The other day I was auditing a sandboxed account in AWS and started investigating resources connected to a federated role for a group of students that are no longer enabled on the account. I noticed a few objects that should have been elsewhere or terminated after the fact, regardless, neither here nor there. After about 30 minutes of sifting through logs, creating custom queries, and trying to put them together, I lost interest because of the time and day-to-day priorities. I felt this was a good use case for me to test out some of the functionality of CloudGuard's investigation and correlation engine within the platform and try out this voice-over platform. Enjoy - Video below: if you feel inclined to research further, visit the product page
Read more

Meet Kaniko

-
Image
So, what is kaniko? Kaniko is a tool to build container images from a Dockerfile inside a container or Kubernetes cluster. Another great callout for me is that my CI provider, GitLab makes it super easy to implement in my pipelines. Kaniko doesn't depend on a Docker daemon and executes each command within a Dockerfile entirely in userspace. This enables building container images in environments that can't easily or securely run a Docker daemon, such as a standard Kubernetes cluster. How does Kaniko work? The kaniko executor image is responsible for building an image from a Dockerfile and pushing it to a registry. Within the executor image, we extract the filesystem of the base image (the FROM image in the Dockerfile). We then execute the commands in the Dockerfile, snapshotting the filesystem in userspace after each one. After each command, we append a layer of changed files to the base image (if there are any) and update image metadata. Highly recommend visiting their  repo  ...
Read more

Google Cloud: Container Registry will be replaced by Artifact Registry

-
Spoiler Alert: (you've got some time) Container Registry will be replaced by Artifact Registry. Please upgrade your projects to Artifact Registry before March 18, 2025. On March 18, 2025 , Container Registry will be replaced by Artifact Registry . We understand this change may affect your production workloads, so we've put together resources to make this transition as smooth as possible for you. What do you need to know? To retain access to your container images, please take note of these critical dates and actions you need to take related to the Container Registry shutdown: March 18, 2025: You will no longer be able to push new images to Container Registry. April 22, 2025: You will lose access to existing images in Container Registry. To maintain access, you must copy them to the Artifact Registry before this date. May 22, 2025: All requests to the gcr.io domain will be handled exclusively by Artifact Registry. Ensure the Artifact Registry...
Read more