Skip to content

Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"

Notifications You must be signed in to change notification settings

bgeesaman/malicious-compliance

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Malicious Compliance: Reflections on Trusting Container Image Scanners

KubeCon EU 2023 Amsterdam

Presenters and Repo Contributors

Talk References

Repo Usage

Getting Started

If you want to follow along with the things we did in the talk, first, git clone this repo. Next, install the following dependencies/tools.

Note for M1/Arm users - This demo should work as-is with one exception, and that is the kubectl binary. Download a kubectl binary for arm64 overtop the current amd64 binary before building the images.

Install dependencies

Build the images

Run the following command to build all the variations of the images:

make build-all

Scan the base image with all four scanners:

make scan-0-base

Show the results of scanning the base image:

make results-0-base

Repeat these steps for each of the image variants:

  • make scan-1-os make results-1-os - Modified /etc/os-release
  • make scan-2-pkg make results-2-pkg- Deleted APK metadata
  • make scan-3-lang make results-3-lang - Symlinked Language Dependency Files
  • make scan-4-bin make results-4-bin- UPX packed binaries
  • make scan-5-zero make results-5-zero- Multi-stage build with all techniques combined

Other Exploration

Run make and see all the helper commands we used during this research.

About

Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published