Below you will find pages that utilize the taxonomy term “DevOps”
Scan It Like You Mean It 🚀
Automated Vulnerability Scanning for Dependencies & Packages
Do we need to explain why?
🔥💥💣🚨⚡☠️🧨
That’s what I thought.
Configure your pipeline with Snyk
There is a plethora of tools available for security scanning and/or detecting vulnerable dependencies: Dependabot, Trivy, SonarQube/Lint, Anchore, etc. Most of them can be integrated into your IDE or CI/CD.
For this use case, Snyk has been selected. Snyk can scan code, open-source dependencies, container images, and infrastructure-as-code configurations to help developers prioritize and fix security vulnerabilities. The free version comes with a maximum number of scans per month.
Automating Digital Certificates renewal
Kubernetes cert-manager for LetsEncrypt certificates
Digital Certificates raison d’être and usage
Certificates are exchanged as part of the TLS handshake. This allows the client to verify that the entity it is trying to establish a connection with is the genuine server.
Note: see other posts under this tag for a few words on TLS handshakes and mentions of the attacks it protects against.
A certificate contains: the issuer details, its expiration date, the entity’s public key for asymmetric encryption and a signature (encrypted server’s public key).