creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/securing-helm-chart-deployments/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

57 lines
1.9 KiB
Markdown
Raw Blame History

# API Reference: Securing Helm Chart Deployments
## Helm Security Commands
| Command | Description |
|---------|-------------|
| `helm lint ./chart --strict` | Lint chart with strict mode |
| `helm template release ./chart` | Render templates locally |
| `helm verify chart.tgz` | Verify chart signature |
| `helm package ./chart --sign --key <key>` | Package and sign |
| `helm pull repo/chart --verify` | Pull with verification |
## Security Context Fields
| Field | Recommended | Description |
|-------|------------|-------------|
| `runAsNonRoot` | true | Prevent root execution |
| `readOnlyRootFilesystem` | true | Immutable filesystem |
| `allowPrivilegeEscalation` | false | Block privilege escalation |
| `capabilities.drop` | [ALL] | Drop all Linux capabilities |
| `seccompProfile.type` | RuntimeDefault | Syscall filtering |
## Security Checks
| Check | Severity | Risk |
|-------|----------|------|
| Privileged container | High | Full host access |
| hostNetwork enabled | High | Network namespace escape |
| hostPID enabled | High | Process namespace escape |
| :latest image tag | Medium | Non-reproducible builds |
| Missing resource limits | Medium | Resource exhaustion DoS |
| Missing readOnlyRootFilesystem | Medium | Writable filesystem |
## Template Scanning Tools
| Tool | Command |
|------|---------|
| kubesec | `kubesec scan rendered.yaml` |
| checkov | `checkov -f rendered.yaml --framework kubernetes` |
| trivy | `trivy config rendered.yaml` |
| kube-linter | `kube-linter lint rendered.yaml` |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `subprocess` | stdlib | Execute helm/kubesec CLI |
| `re` | stdlib | Pattern matching in rendered YAML |
| `yaml` | PyYAML >=6.0 | Parse YAML content |
| `json` | stdlib | Report generation |
## References
- Helm Security: https://helm.sh/docs/topics/provenance/
- Helm Secrets Plugin: https://github.com/jkroepke/helm-secrets
- Kubesec: https://kubesec.io/
Reference in New Issue View Git Blame Copy Permalink