mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.9 KiB
1.9 KiB
API Reference: Securing Helm Chart Deployments
Helm Security Commands
| Command | Description |
|---|---|
helm lint ./chart --strict |
Lint chart with strict mode |
helm template release ./chart |
Render templates locally |
helm verify chart.tgz |
Verify chart signature |
helm package ./chart --sign --key <key> |
Package and sign |
helm pull repo/chart --verify |
Pull with verification |
Security Context Fields
| Field | Recommended | Description |
|---|---|---|
runAsNonRoot |
true | Prevent root execution |
readOnlyRootFilesystem |
true | Immutable filesystem |
allowPrivilegeEscalation |
false | Block privilege escalation |
capabilities.drop |
[ALL] | Drop all Linux capabilities |
seccompProfile.type |
RuntimeDefault | Syscall filtering |
Security Checks
| Check | Severity | Risk |
|---|---|---|
| Privileged container | High | Full host access |
| hostNetwork enabled | High | Network namespace escape |
| hostPID enabled | High | Process namespace escape |
| :latest image tag | Medium | Non-reproducible builds |
| Missing resource limits | Medium | Resource exhaustion DoS |
| Missing readOnlyRootFilesystem | Medium | Writable filesystem |
Template Scanning Tools
| Tool | Command |
|---|---|
| kubesec | kubesec scan rendered.yaml |
| checkov | checkov -f rendered.yaml --framework kubernetes |
| trivy | trivy config rendered.yaml |
| kube-linter | kube-linter lint rendered.yaml |
Python Libraries
| Library | Version | Purpose |
|---|---|---|
subprocess |
stdlib | Execute helm/kubesec CLI |
re |
stdlib | Pattern matching in rendered YAML |
yaml |
PyYAML >=6.0 | Parse YAML content |
json |
stdlib | Report generation |
References
- Helm Security: https://helm.sh/docs/topics/provenance/
- Helm Secrets Plugin: https://github.com/jkroepke/helm-secrets
- Kubesec: https://kubesec.io/