A
Hello, everyone, and thank you for joining us today on this CNCF webinar. My name is Gal and I work at ARMO as a product manager. I want to tell you a little bit about ARMO. ARMO was founded in 2019 with the purpose of building an open source Kubernetes security product made for developers. We're based in Tel Aviv, and we have 30 team members at this point, and lately we successfully summed up our Round A funding for 30 million dollars by Tiger Global, Hyperwise and Pitango.
A
Kubescape offers not only CI/CD phase scanning, but also continuously scans your environment. So if anything changes, you'll be aware of that. And Kubescape is a multi-dimensional Kubernetes single pane of glass for everything related to misconfiguration scanning, security analysis and compliance, risk scoring, image vulnerabilities and the RBAC visualizer. The single pane of glass is actually taking the things that could go wrong and collecting them together to enable you to enforce and define your environment based on the best practices and pre-built frameworks that we provide.
A
The configuration of your workloads, the actual user activity, the vulnerability assessment, the different RBAC role-based access controls that exist in your cluster, and finally, we're taking all that against the compliance benchmark to assess the complete posture of your environment. Now, Kubescape is an open source project. Therefore you can access the GitHub repo page. Everything you need and want to know about Kubescape is right there. Everything is transparent, and I welcome you to head over after this webinar and check it out. Now, let's see Kubescape in action. The deployment is very easy.
A
You head over to our GitHub and start by running this line of code. This will download and install Kubescape. Okay, it's running this install script and it's running the latest version of Kubescape. You can run it and two minutes later you get results with this command line. This is the kubescape scan command, and you can see that in two minutes you get this table right here.
A
You can see the severity of the controls that failed or passed, the name of the control with a little bit of description, how many resources failed on this control, and the overall risk score.
A
So after your first scan, you head over to this page, to the Kubescape page, and you can see this information regarding your environment. What we see here is, first of all, the dashboard. This is where we aggregate all the important information regarding your environment that you should be aware of. You can see the different clusters that might have the highest severity scores.
A
You can see the history, drifts and trends, and you can see the top five failed controls and the top five CVEs that we found in your clusters in your environment. Going into configuration scanning, let's head over there. This is where you can choose which cluster you want to focus on. You can see it's a multi-cluster environment, so you can choose your cluster, and you can see right here the different types of frameworks that we use.
A
You can also build your own framework right here and customize it according to your needs, and you can pick and choose which controls you want to use and which you don't. That way, you get the most relevant framework to your environment. But you can also use the suggested frameworks that we have right here. When you scroll down, you can see the list of controls that we are running as part of this framework that I chose to scan, and I can see which controls failed, which are not relevant, and excluded controls.
A
Another important thing is, we see here drifts. You can see how many resources failed, and if we had a previous scan, we could also see the previous scan. And that's how to head over to this control right here. This is a failed control on two resources, and if I click on it, I can see which resources exactly failed on this control. I can also set an exception if I want in this control, and I can see the previously failed resources in case I have a second scan. Now, I want to fix it.
A
So I understand why it failed, why this specific control failed on this file. What you are seeing now is requiring me to run a cluster. I need to have a running cluster. I will show you in a few minutes how you can use Kubescape, and there's a lot more, without running a single cluster. So I can integrate Kubescape into my CI/CD process. I can configure thresholds, I can define gates for my CI/CD process.
A
This means that attackers could possibly take advantage of the remote code execution vulnerability which is in some images. This is very important, because what are the chances that an attacker will have direct access to the Kubernetes cluster? But having this RCE enabled might make the attacker's life even easier, and this is something we want to point out, so you can fix it quickly.
A
Now, let's focus on this for a second. Your YAML files are using different images and might even use different image registries, some of which are public and which you have no control of. Now, Kubescape detects for you which registries you are using from your YAML files, and Kubescape allows you to add those registries to an allow list. So it will be okay to use this registry, so this registry won't fail in some control tests.
A
So in this case I will choose my cluster right here from my list, and what I will see is a visualized way of all the RBAC in my environment. I will see roles. I will see services, entities, role bindings and, of course, it's interactive, so I can play and move around, so I can see the relationships even better. Now, this is nice, but actually the RBAC visualizer does even more. One of the things is querying and investigating my ARMO configuration.
A
So after seeing these capabilities of Kubescape, let's head over to our latest features. Let's start with the code repository scan. Kubescape is designed to help you detect misconfigurations at any stage of the software development life cycle, and Kubescape, as we also talked about, can be integrated with various DevOps tools.
A
So up until this point, you had to start a cluster and trigger or schedule scans in order to see the manifest file scan results in the cloud, or you could scan repositories and see the results in the CLI only. But today we're happy to announce that Kubescape shifts left even more. Now Kubescape can scan your Kubernetes manifest files at the repository level, meaning no need for an active cluster.
A
It means Kubescape is able to inform you of the misconfigurations and potential vulnerabilities even before the code is deployed. Once using the code repository scan capabilities, you can see history, you can see trends, you can see fix suggestions with the system remediation, so you can fix issues in a heartbeat without deploying a single workload. You can see right here in this list, I have the repository's name, I have the owner of the repository, the branch, of course, and the number of files scanned in those repositories.
A
So the best thing is, you can choose between scanning a remote repository or scanning your own local folders. If I drill down into this repository, I can see the files that failed. I can see the type of the files; for now it's YAML. I can see the frameworks that scanned this file, and I can see how many controls failed on this file. So I can go right here and I see the exact file and where it failed and which controls failed on it and, of course, the remediation stage.
A
You can see right here that I'm using some image named pearl, and I didn't limit my registry from where I pulled this image. Speaking of images, let's talk about the new feature, the new and exciting feature for image registry scans. Right now, you don't need to have a running cluster anymore to scan images for vulnerabilities. With the new image registry scan, Kubescape can scan your private and public registries, like docker.io and quay.io registries, even before the images are deployed on a running cluster. So you know the process.
A
This way you will be able to detect vulnerabilities even earlier in the development process, and you can assess a potential risk when using public images and prevent the vulnerabilities from reaching your deployments and production environment. So you can see right here the list of the image registries that I scanned. You can see the scan time, the registry that was scanned and the repository. I can even get granular with the repository of images inside a registry, and I can see the image tag also.
A
So if I click right here, I can see which controls exactly failed on this image, and in this case I have critical and high. Let's take the critical, for instance. You can see all the critical controls that failed on this image and, of course, you can see the fix available. If there is a fix for it, Kubescape will tell you in which version it was fixed, so you can upgrade your version of the image. And remember the RCE from before.
A
We also tell you right here if it's RCE enabled or not and, of course, the description about this specific control. So that's about it. I want to thank you very much for listening, and we would love to keep in touch, and I welcome you to star us on GitHub, join our Discord, visit our website and learn more about Kubescape and our roadmap ahead. Thank you very, very much.