Kubernetes-native security with Starboard
Liz Rice
January 01, 2021
Transcript
Kubernetes-native security with Starboard
Liz Rice & Daniel Pacak, Open Source Engineering, Aqua Security (@lizrice, @d_pacak)
© 2020 Aqua Security Software Ltd., All Rights Reserved
Starboard – motivation. Diagram labels: Dave Loper; Dashboard; kubectl; Kubernetes API; Kubernetes; K8s resources (pods, deployments, statefulsets, daemonsets); Security tools (Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing).
Starboard – brings security reports into Kubernetes. Diagram labels: Dave Loper; Dashboard; kubectl; Kubernetes API; Kubernetes; K8s resources (pods, deployments, statefulsets, daemonsets); Security tools (Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing); kubehunterreports; vulnerabilityreports; ciskubebenchreports; configauditreports; Starboard.
Starboard CLI demo
Starboard operator – automation. Diagram labels: Starboard operator; Dave Loper; Dashboard; kubectl; Kubernetes API; Kubernetes; K8s resources (pods, deployments, statefulsets, daemonsets); Security tools (Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing); kubehunterreports; vulnerabilityreports; ciskubebenchreports; configauditreports; Starboard.
Starboard operator demo
Starboard design decisions
What security issues are there for this resource? Diagram labels: Resource; Security report; Resource type = pod; Resource name = my-app; owner.
What security issues are there for this resource? Diagram labels: Resource; Security report; Resource type = pod; Resource name = my-app; owner; Resource name.
What security issues are there for this resource? Diagram labels: namespace; Resource; Security report.
What security issues are there for this resource? Diagram labels: namespace; Resource; Security report; starboard; Scan job.
What security issues are there for my workloads? Diagram labels (as extracted): Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0
Diagram labels (as extracted): Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0 Vuln report some-image:2.0
Diagram labels (as extracted): Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0 Vuln report some-image:2.0 Vuln report some-image:2.0 Vuln report some-image:2.0 Vuln report some-image:2.0
Diagram labels (as extracted): Deployment ReplicaSet app-image:1.3 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 Unmanaged pod other-image:2.0 Vuln report some-image:2.0 Vuln report
Diagram labels (as extracted): Deployment ReplicaSet app-image:1.3 ReplicaSet app-image:1.6 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 ReplicaSet image:1.3 Pod app-image:1.6 Unmanaged pod other-image:2.0 Vuln report some-image:2.0 Vuln report
Diagram labels (as extracted): Deployment ReplicaSet app-image:1.3 ReplicaSet app-image:1.6 ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod app-image:1.3 ReplicaSet image:1.3 Pod app-image:1.6 Unmanaged pod some-image:2.0 Vuln report some-image:2.0 Vuln report app-image:1.6 Vuln report app-image:1.3
What vulnerabilities are in my deployment? Diagram labels (as extracted): Deployment ReplicaSet ReplicaSet image:1.3 Pod image:1.3 ReplicaSet image:1.3 Pod Vuln report
Starboard hierarchy demo
Extending Starboard
Pluggable vulnerability scanners. Diagram labels: Kind: Deployment, Name: my-app, Image: some-image:2.0; PodSpec; Kind: Job, Name: efavbs-d21..., Namespace: starboard-operator; Struct: PodTemplateSpec, Image: aquasec/trivy:0.11.0, Command: trivy some-image:2.0; Trivy output converter; Kind: VulnerabilityReport, Name: deployment-my-app-some-container.
VulnerabilityScanner interface
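The pluggable-scanner flow on the slide above (workload image, scan Job running Trivy, output converter, VulnerabilityReport), sketched as an added example; it is not code from the deck or from the Starboard project. The `Scanner` interface, the `ReportName` helper and the sample JSON are hypothetical, and the `--format json` flag on the command and the array-of-targets output shape are assumptions about the Trivy version shown.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Scanner is a hypothetical plug-in contract, not Starboard's real interface.
type Scanner interface {
	JobContainer(target string) (image string, command []string)
	Convert(output []byte) (map[string]int, error) // findings per severity
}

type Trivy struct{}

// JobContainer gives the image and command for the scan Job's pod template.
func (Trivy) JobContainer(target string) (string, []string) {
	return "aquasec/trivy:0.11.0", []string{"trivy", "--format", "json", target}
}

// Convert parses scanner JSON; a parse failure is an error, never a clean report.
func (Trivy) Convert(output []byte) (map[string]int, error) {
	var targets []struct{ Vulnerabilities []struct{ Severity string } }
	if err := json.Unmarshal(output, &targets); err != nil {
		return nil, fmt.Errorf("scanner output not parseable: %w", err)
	}
	counts := map[string]int{}
	for _, t := range targets {
		for _, v := range t.Vulnerabilities {
			counts[v.Severity]++
		}
	}
	return counts, nil
}

// ReportName follows the slide's naming: <kind>-<workload>-<container>.
func ReportName(kind, workload, container string) string {
	return strings.ToLower(kind) + "-" + workload + "-" + container
}

// Sample is constructed output; the array-of-targets shape is an assumption.
const Sample = `[{"Target":"some-image:2.0","Vulnerabilities":[
 {"VulnerabilityID":"CVE-0000-0001","Severity":"HIGH"},
 {"VulnerabilityID":"CVE-0000-0002","Severity":"LOW"}]}]`

func main() {
	counts, err := Scanner(Trivy{}).Convert([]byte(Sample))
	fmt.Println(ReportName("Deployment", "my-app", "some-container"), counts, err)
}
```

Returning an error on unparseable output matters for the report consumer: a scan Job that crashed or was truncated must not be stored as a report with zero findings.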
Starboard future
Fully pluggable security reporting. Diagram labels: Dave Loper; Dashboard; kubectl; Kubernetes API; Kubernetes; K8s resources (pods, <some resources>, replicasets); Security tools (Image vulnerabilities, CIS benchmarks, Config auditing, Pen testing); some other security tool; kubehunterreports; vulnerabilityreports; ciskubebenchreports; configauditreports; <other>reports; Starboard; Starboard ConfigMap (Scanners: - Tool: Resource: Report: - Tool: Resource: Report: …).
What are the most important security issues in my cluster? kubectl starboard summary <namespace>
github.com/aquasecurity/starboard