mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
mukul975
36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
# Standards and References - Securing Helm Chart Deployments
|
|
|
|
## NIST SP 800-190
|
|
- Section 4.1: Image vulnerabilities and configuration defects
|
|
- Section 5.2: Registry security and chart provenance
|
|
- Section 5.4: Secure deployment configuration
|
|
|
|
## CIS Kubernetes Benchmark v1.8
|
|
- 5.2.1-5.2.9: Pod Security Standards enforced via chart defaults
|
|
- 5.7.3: Apply security context to pods and containers
|
|
|
|
## SLSA (Supply chain Levels for Software Artifacts)
|
|
- Level 1: Documented build process (Helm chart CI)
|
|
- Level 2: Source version controlled, signed provenance
|
|
- Level 3: Hardened build platform, signed artifacts
|
|
- Level 4: Two-party review, hermetic builds
|
|
|
|
## Helm Security Resources
|
|
|
|
| Resource | URL |
|
|
|----------|-----|
|
|
| Helm Security Best Practices | https://helm.sh/docs/chart_best_practices/ |
|
|
| Helm Provenance and Integrity | https://helm.sh/docs/topics/provenance/ |
|
|
| kube-linter | https://github.com/stackrox/kube-linter |
|
|
| checkov Kubernetes checks | https://www.checkov.io/5.Policy%20Index/kubernetes.html |
|
|
| helm-secrets plugin | https://github.com/jkroepke/helm-secrets |
|
|
|
|
## Compliance Mappings
|
|
|
|
### PCI DSS v4.0
|
|
- Req 6.3.1: Security vulnerabilities identified and managed
|
|
- Req 6.5.1: Changes controlled by change control processes
|
|
|
|
### SOC 2
|
|
- CC8.1: Change management - Controlled deployment processes
|