mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,58 @@
|
||||
# Aqua Security Container Scanning Workflows
|
||||
|
||||
## Workflow 1: CI/CD Image Gate
|
||||
|
||||
```
|
||||
Developer commits code
|
||||
|
|
||||
Docker image built in CI
|
||||
|
|
||||
Trivy scans image for vulnerabilities
|
||||
|
|
||||
[No Critical/High] --> Image pushed to registry
|
||||
[Critical found] --> Pipeline fails, image rejected
|
||||
|
|
||||
SBOM generated and stored alongside image
|
||||
|
|
||||
Image tagged with scan metadata
|
||||
|
|
||||
Kubernetes admission controller validates scan results
|
||||
|
|
||||
Deployment proceeds only with scanned images
|
||||
```
|
||||
|
||||
## Workflow 2: Registry Continuous Scanning
|
||||
|
||||
```
|
||||
New image pushed to container registry
|
||||
|
|
||||
Trivy Operator detects new image tag
|
||||
|
|
||||
Scheduled scan triggered
|
||||
|
|
||||
VulnerabilityReport CR created in cluster
|
||||
|
|
||||
New CVE published in NVD
|
||||
|
|
||||
Re-scan of all running images
|
||||
|
|
||||
Alert generated for newly affected images
|
||||
|
|
||||
Remediation ticket created automatically
|
||||
```
|
||||
|
||||
## Workflow 3: SBOM-Based Vulnerability Tracking
|
||||
|
||||
```
|
||||
Image scanned, SBOM generated (CycloneDX/SPDX)
|
||||
|
|
||||
SBOM stored in artifact repository
|
||||
|
|
||||
New CVE published
|
||||
|
|
||||
SBOM re-scanned without rebuilding image
|
||||
|
|
||||
Affected images identified across fleet
|
||||
|
|
||||
Prioritized patching based on exposure and severity
|
||||
```
|
||||
Reference in New Issue
Block a user