Kubernetes Security : Supply chain Vulnerabilities
--
Introduction
In a recent post on my blog, I went through some of the fundamentals of Kubernetes, including why it is necessary and what aspects of it are crucial. On the other hand, if you are interested in having a look, please click on the link that has been provided below:
https://gupta-bless.medium.com/kubernetes-security-insecure-workload-configurations-a57d9649c876.
Microservices are now typically run utilising containers and images. Whenever the devops is going to build an image and then deploy it in the production, they have to follow the processes of SDLC such as Acquire, Build, Deliver, Deploy, Run and Maintain. If the recommended security procedures are not followed at each stage, any stage could be compromised. Even a single image could be using a lot of third party dependencies that makes it very tough for devops to keep it secure and maintain those. There are a few difficulties, but the Supply Chain Vulnerability in Kubernetes is the topic that will be covered in this blog post.
What is a Supply Chain attack?
In order to produce a product, Supply Chain is all about determining how this source code is created and saved into the artefacts, as well as where these artefacts keep the data. An example of this would be in the context of software. In Kubernetes, the CI/CD pipeline is typically constructed with the use of images. Integrity of the source code and integrity of the build are the two primary resources upon which Kubernetes is founded. No one can access an organization’s code without the appropriate authority, and no one can push malicious code there, according to “source code integrity.” According to “build integrity,” whatever we develop can be easily accessible in our production cluster. DevOps are going to assign images in our build process so that containers can build utilising those images. Within a Kubernetes cluster, the container images themselves may be subjected to verification. Multiple development teams are able to use a single container image, and that image may also be deployed and run in numerous different environments.
