PyCon ID 2023 - Ridwan Fadjar Septian.pdf
1. BUILD A SECURITY SCANNER FOR KUBERNETES BASED ON CIS BENCHMARK WITH PYTHON3 STANDARD LIBRARY
Ridwan Fadjar Septian
2. TABLE OF CONTENT
01. CIS BENCHMARK FOR K8S: How CIS Benchmark works for K8s
02. BUILDING THE PROTOTYPE: Architecture and source code
03. DEVELOPMENT TOOLS: Tools for building the prototype
04. PRE-COMMIT: Ensuring quality before creating a pull request
05. GITHUB ACTION: Ensuring quality before merge to master
3. HELLO!
I’m Ridwan Fadjar. Currently, I’m working as a Cloud Infrastructure Engineer at Dkatalis Digital Lab. I love to create something with Python, Ansible or Terraform.
5. FREE TO USE
CIS Benchmarks are freely available in PDF format for non-commercial use: https://www.cisecurity.org/benchmark/kubernetes
RATIONALE
The reason why the control should be remediated
6. REMEDIATION
Practical steps to remediate any violation of CIS controls for K8s
AUDIT
Best practice to check the evidence against controls with straightforward instructions
15. SUMMARY
The only Python Standard Library modules I used for building this security scanner are the three below:
argparse, for parsing command line arguments from the user
subprocess, for building the utilities used by the scanner
typing, to ensure the data types used as parameters and return values meet expectations and are secure
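How those three modules can fit together in a CIS-style audit check, as an added example that is not the speaker's scanner code. The control ids `EX-1`/`EX-2`, the function names and the `ps -eo args` audit command are assumptions made for illustration; `--anonymous-auth` and `--profiling` are real kube-apiserver flags.

```python
import argparse
import subprocess
import sys
from typing import List, NamedTuple, Optional, Tuple


class Control(NamedTuple):
    cid: str  # constructed id, not a real CIS control number
    flag: str  # kube-apiserver flag the audit inspects
    expected: str  # value the control requires
    remediation: str  # what to change when the audit fails


CONTROLS: List[Control] = [
    Control("EX-1", "--anonymous-auth", "false", "Set --anonymous-auth=false on kube-apiserver."),
    Control("EX-2", "--profiling", "false", "Set --profiling=false on kube-apiserver."),
]


def run_audit(cmd: List[str], timeout: int = 10) -> str:
    """Run the audit command as an argument list (never shell=True) and return stdout."""
    return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, check=False).stdout


def flag_value(cmdline: str, flag: str) -> Optional[str]:
    """Return VALUE from '--flag=VALUE' in a process command line, or None if absent."""
    for token in cmdline.split():
        name, sep, value = token.partition("=")
        if name == flag and sep:
            return value
    return None


def scan(cmdline: str) -> List[Tuple[str, str, str]]:
    """Evaluate every control; an absent flag fails, since both defaults differ from the expected value."""
    hits = [(c, flag_value(cmdline, c.flag) == c.expected) for c in CONTROLS]
    return [(c.cid, "PASS" if ok else "FAIL", "" if ok else c.remediation) for c, ok in hits]


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Audit kube-apiserver flags")
    ap.add_argument("--process", default="kube-apiserver")
    name = ap.parse_args().process
    procs = [p for p in run_audit(["ps", "-eo", "args"]).splitlines() if p.split()[:1] and p.split()[0].endswith(name)]
    if not procs:
        sys.exit(f"{name}: process not found")
    results = scan(procs[0])
    print(*results, sep="\n")
    sys.exit(1 if any(status == "FAIL" for _, status, _ in results) else 0)
```

The non-zero exit status on any FAIL lets the same script gate a CI job.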
20. DEVELOPMENT TOOLS
I use several tools when building this security scanner:
Python3, latest edition of the Python programming language (e.g. supports typing values)
Black, the uncompromising Python code formatter created by PSF
Ruff, an extremely fast Python linter and code formatter, written in Rust, created by Astral-sh (but I use the linter only)
Bandit, a tool designed to find common security issues in Python code, created by PyCQA
Pre-commit, a tool for performing multiple tasks as hooks before you commit your changes
Github Action, automation for software development workflows
28. AT A GLANCE
Ensure that your project is Git initialized
Write pre-commit hooks file inside the project
Install pre-commit -> pip install pre-commit
Install dependencies -> pre-commit install
Run pre-commit manually -> pre-commit run --all-files