mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
2.0 KiB
2.0 KiB
Workflows - Kubesec Manifest Scanning
Scanning Workflow
Pre-Commit Scanning
- Developer writes Kubernetes manifest locally
- Pre-commit hook runs
kubesec scanon changed YAML files - If score < 0 (critical issues), commit is blocked with remediation guidance
- Developer fixes issues and retries commit
CI/CD Pipeline Integration
- Pull request created with manifest changes
- CI job runs kubesec scan on all manifests in PR
- Results posted as PR comment with score breakdown
- Gate: PR blocked if any manifest scores below threshold
- Merge allowed only after all manifests pass minimum score
Admission Control
- Developer applies manifest via kubectl or GitOps
- ValidatingWebhook intercepts the API request
- Kubesec webhook scans the manifest in real-time
- If critical issues found, admission is denied with explanation
- Clean manifests are admitted to the cluster
Remediation Workflow
Scoring Improvement Process
1. Run kubesec scan on target manifest
2. Review "advise" section for point-earning improvements
3. Review "critical" section for must-fix issues
4. Apply fixes in priority order:
a. Remove critical issues (privileged, hostPID, hostNetwork)
b. Add seccomp profile (+4 points)
c. Add AppArmor annotation (+3 points)
d. Set readOnlyRootFilesystem (+1 point)
e. Set runAsNonRoot (+1 point)
f. Add resource limits (+1 point each)
5. Re-scan to verify improved score
6. Commit and push hardened manifest
Continuous Monitoring Workflow
Scheduled Cluster Scanning
- CronJob runs daily scan of all deployed resources
- Extracts manifests from live cluster:
kubectl get deploy -o yaml - Runs kubesec scan on each resource
- Compares scores against previous scan results
- Alerts on score regressions or new critical findings
- Generates weekly security posture report
Score Trending
Week 1: Average score 2.3 (baseline)
Week 2: Average score 3.1 (+0.8 improvement)
Week 3: Average score 4.5 (+1.4 improvement)
Week 4: Average score 5.2 (+0.7 improvement -- target: 6.0)