From YouTube: Is your Kubernetes negative or positive?
A
Hello everyone, welcome to this on-demand CNCF webinar on whether your Kubernetes is positive or negative. I'm Charlie Rosen and I'm going to talk about Kubescape, which is the first open source tool for testing whether your Kubernetes is deployed securely according to the best practices and the compliance frameworks, multiple of them, in just one click. Please, you know, it is an open source product. We will really love to get your engagement, stars on GitHub. Join us on Discord to get all of the updates and get engaged, or visit us on our website.
A
Just a note about myself: who am I? So I'm sure, I'm the CEO and co-founder of ARMO. I'm a software developer, I turned entrepreneur, and today my life is basically waking up in the morning, 5 a.m. or surfing 18 build Kubernetes products, 9 amps, it's sleep and then repeat. I do it basically every day and I kind of like it. So you know, I really, really like it and I really like sharing it with you guys.
A
What are we going to talk about today? We're going to first talk about why do I care and what can Kubernetes do for me. Then we're going to run our first scan; it's going to take less than three minutes. I'm going to show you how to analyze results and get more information and more benefits out of Kubescape and the SaaS version of it.
A
So why do I care? Well, misconfiguration is a big problem. By 2025 it's said that over 99 percent of the cloud failures will actually be coming from the root cause of customer and misconfigurations, and already today 59 percent of the survey respondents in companies using Kubernetes say that detecting misconfiguration is one of the biggest problems that they had in the last 12 months.
A
What Kubescape does for you is it takes your cluster or your configuration and compares it against the tests that we've created that match those frameworks, and it can be done in the CI/CD or on a running cluster. And if you choose to do it in the CI/CD, we are integrated with, you know, all of the different CI/CD tools like Jenkins, GitHub. Azure Pipelines is not here, but we're integrated with it, and it's pretty easy because it's an open source tool. It's also by configuration. It's really, really easy to add it to your pipeline.
A
Like Kubescape, we have over 4.5 stars in GitHub and we have a lot of followers and we get great, great feedback from the community on the product, and we actually engage with the community, and we ask you to let us know everything you love, but also everything you don't love about the product and about the project, and we will continuously make it better and better. Your feedback is super important for us. So we talked a lot. Let's actually do some actual work now and get our first scan going.
A
The best way to go for your first scan is our GitHub page. I recommend going there; you have the installation scripts there. Everything is readily available. The nice thing about Kubescape is you can really get that in three minutes to just get started. It requires no in-cluster installation. It only requires read-only privileges from your Kube API, so it is very, very easy to get started. So with that said, let's go. Let's go to our GitHub page. I'm just going to search for guitar.
A
With basically running this command and the curl command, we got some feedback, and I completely get it, that people are not very fond of piping an install script into their bash. I agree with you: you can take a look into the sh file, it's all open source and all available for you. I would recommend downloading Kubescape and installing it yourself, but I've run this so many times, and for this demo I'm specific we'll definitely use this one-liner.
A
If you ask me, you can use it, but of course always check what you're running in your clusters or when you're on your machines. So I have a cluster already running here and I'm gonna install Kubescape on it.
A
And that's it! I have Kubernetes, I have Kubescape installed and now I can actually use it to scan my cluster or my YAMLs. In this machine I have access to a running cluster in GCP, which is running the iphone shop, but I'm actually not going to start by scanning the cluster. I'm actually going to start by scanning the manifest that is actually driving the cluster. I'm going to do it to mimic the CI/CD test that we can do on the YAMLs. So let's do that.
A
I know, I'm sorry: the file is in Kubescape demo. I'm sorry for that.
A
Let's give it a minute. Okay, and we are done, and we have our first scan. I hope it was under three minutes. I think it was. And let's see what we got here. I remind you that we tested a manifest file, a YAML file, so we don't have the entire cluster context. We don't have the control plane, and so many of the tests that you see here are actually not relevant for that specific manifest file. But let's see what is relevant.
A
So, let's start with allow privilege escalation. For example, we can see that we have 12 resources that actually allow the escalation in the containers, a problem that I should probably fix. Another one that I'm very fond of is the immutable container file system, which we have again the same, probably the central microservices, which actually allow access and actually allow the container to change the file system of the underlying host, which is very, very much not recommended.
A
So we can see that, and we can actually, if we go up, we can see which resources have failed which tests, and let me scroll up a bit. So if you go back to our first test of allowing privilege escalations, we can see that the image surveys check out. Basically, all of the deployments in this namespace are problematic, and we can see the remediation that basically tells you to add the security context and set the flag to false, and we can see more of that in our documentation.
A
So this is how we scan, and we can do it in the CI/CD. We can scan any YAML file and test it against the best practices of the NSA or the MITRE. But now, let's do the same on an actual running cluster. It can be your development cluster or it could be your dev cluster. All it requires is read privileges, and then we will have many of the tests that were not relevant in this specific file.
A
You know, now they will be relevant. So let's do the same. My kubectl is already pointed at the cluster. So all I need to do is run Kubescape scan and then tell the name of the framework, which is the NSA.
A
So now it is running. It uses kubectl to access the API, the cluster, and do it all the configurations and test it. Okay. So we see that many of the things that were not relevant before are now suddenly relevant. So, for example, things like control plane hardening is now something, and that is actually testing the three components.
A
Things like exposed dashboard, whether you have a dashboard installed, is something that is being tested, and also exec into containers.
A
Now has more results in it because actually in the cluster we have roles that can execute into containers. In the YAML we didn't have that, but when you deploy GCP by default, it creates some administrative role base that actually can execute into containers, and you should probably check that. And again you can see everything that failed in the actual results in your screen.
A
The next thing that I want to share with you is: okay, you get the results in your screen. It's really nice, it's a report, but how do I automate it? How do I make it part of my CI/CD? And that's where it is very convenient to use the output formats like JSON or JUnit format, for example, for Jenkins.
A
So this is how we thought about that, and you can run the same test again and you can put format JSON, for example, and output to a file that will be actually running in your CD. Let's call it a test dot JSON, and basically you can now get the results as a JSON file, which can be really, really easily integrated into your pipeline. We can actually also point the standard output to JSON, so it will be actually completely automated.
A
So if I'm going to do vi tests, naturally I'm going to see the JSON result file, and very, very straightforward.
A
Okay, now that we've tested cluster and we've tested the YAMLs, and we know what we can do, let's actually see a better way or an advanced way to actually analyze the results and see when the continuous planet, and this will be done by actually registering to the SaaS part of Kubescape. If you run the results, if you run the tests.
A
Okay, at the end of the result, you actually have a link to our portal, where you can submit the results to the portal and start to get ongoing scans and ongoing results, and you can have advanced features of what you can do with the system. You don't have to, of course, do it like that. You can just go to portal. A cloud and sign up there. I'm already registered. So when I will go into this portal right now, I will already get the different clusters that I have scanned and I can see the threads my clusters. I like to look at it in a list format, and this is the cluster that we just conducted the tests on since acf a webinar in a cluster, but you can see many different customers here, and let's see what type of results I can see if I go into those clusters.
A
The way I like to look at things is, first of all, of course there is the total risk score, and the better my score, the better my cluster posture is. And you can see that, of course, right now everything is the same, because all of the tests that I've done are on the same cluster with the same configurations.
A
I can see here that I have privileged containers that I've excluded. This I've done before, and which basically says that I actually saw privileged containers that I approved to run as privileged. I have application credentials and configuration files. I have five workloads that have that. If I'm gonna look at that, I can see that one of them is in the default namespace, but other ones are actually in the control plane spaces, and we need to see if we can fix that.
A
We can see that we have different workloads that have allowed hostPaths, that can actually change the host paths. Let's look at them. Okay, these are in the kube-system actually, and we have this light bulb here that says this is actually okay and there's not much you can do about it. It does it for you, so I will exclude it in order not to get re-alert and do that in the future.
A
If we look at some of the things that we have really, then let's look at the allow privilege escalation. For example, we can see we have 12 workloads that have been identified that allow those escalations.
A
We can see that because of the recommendation that we got, we excluded kube-system, but we have 12 microservices in the default namespace, basically all of them, that actually allow for the escalation. Okay. What do I do about that? I will go to the documentation and I will see what this test is all about.
A
So we can see that it is about attackers getting access to the container, uplifting the privileges, and we have the remediation here and actually an example of what I should do. So what we see here is that those microservices in the default namespace are missing a security context with the allow privilege escalation flag set to false. By default, it is true, so because we didn't add it, we have a misconfiguration.
A
Another test that I really like to look at is the host network access.
A
But what is this? What does that mean, the host network access? I can again go to the documentation and see exactly what it means.
A
Okay, so let's look at the in the midwest, for example. We can see always what failed in the latest test versus what failed in the previous test. You basically use the previous test as a benchmark, as a baseline for drift control, and you can set it any way you like, and what you will see is that if you have a drift, we will alert you. In this case, we actually made things better than the last results.
A
We have zero microservices that list Kubernetes secrets in the new deployment, so someone actually fixed this problem, and we have zero service accounts that have access to the containers, of workloads that have access to the container service account. So this is actually a good drift. Basically, what we want to do is we're going to reduce it as much as possible, and then we want to make sure that we don't have any new microservices with that vulnerability, and let's do an example.
A
And let's try to add: okay, I'm going to do it later, I'm going to show you in the in necessity and how you do that.
A
Here you can see all of your clusters and you can see all of the frameworks in the controls and the integrations that we have. You can use the Slack integration in order to actually get the drift results into your Slack, so you can actually set our Kubescape to continuously scan your cluster, let's say once a day, and if it sees something new, a new vulnerability or, as you can see, the degradation in the posture score of your cluster, it will send it to you via Slack.
A
I'm gonna, I can put a description. Capital letters are not allowed, of course. Demo. All this. Let's see if I've been under the description, and then I can choose exactly which controls I want to have in this framework. So as an example, I can check whether the cluster has internal networking enabled.
A
Actually, I'm going to also not do contrast until my networking, because what I'm going to do, let's actually create a framework that I'm going to use in my CD, which is actually, it's going to be smaller, it's not going to have many, many controls in it, but it's going to be a sanity check for my developers. Every time they commit to GitHub, for example, in new year it will be tested against this final, and then we will know and they will be alerted if they did something that is actually bad practice in our organization.
A
And just for the sake of it, let's also do, I don't want to allow privilege escalation. That's it, that's going to be my framework, and this is the framework that I can now apply in the CD, and I click on apply and that's it. I have this framework. If I go into all of the controls, you can get all of the controls with a very specific description of what each control does, and you can actually also do it from here.
A
Dangerous capabilities is basically a control that checks that dangerous capabilities are not enabled in the containers, so in the YAML files. I'm going to click, add edit to the sensitive webinar, and now I added it to my framework. This is the control that can be configured. ARMO by default make sure that you don't put privileges like ALL, SYS_ADMIN, NET_ADMIN and SYS_PTRACE into enabled in your containers, but you can actually change that.
A
Okay, so you can see the tests that we have chosen and we can see what failed and the percentage of the score I have against this framework. And I remind you, this is a framework that I created for myself to integrate to my CI/CD and actually have my developers understand exactly what they're doing wrong in terms and they wanted they. They are having a misconfiguration in the YAML files.
A
So what I'm going to talk about next is basically what we've done so far, right, and we've analyzed our results. We've seen how we can control drift, how we can set exceptions, how we can understand risk over time, and we're actually adding more capabilities like alpha control and vulnerability scanning to this version, so I'm actually encouraging you to go to our GitHub and get informed, or go to our Discord and get informed, about all the good things that we're adding there.
A
But now, let's talk about how to practically use it. So all we did right now until today is we just basically did scans on an, I would say, as-you-go manner. Kind of like whenever I wanted to, I went and I ran Kubescape and I got a response, but I want to do it in a more automated way. I want to put it either way into my CI/CD.
A
So that's one way to go about it. I can integrate it to my commits, or I can integrate it to my pipeline. Those are very good practices to do, and I can also run Kubescape in my cluster, so I can actually periodically scan my cluster to get the results, and all of that is very, very well documented on our user hub and on GitHub, and I encourage you to go and see there, but I'm just going to give two examples right now.
A
When is my configuration posture today versus yesterday? In order to do that, where you really need to go, install a GitHub page, we have, it is all documented, but if you go to examples and Helm chart, you're, basically a Helm chart which defines exactly, you know, you just deploy the same chart and you get another CronJob in your cluster, which continuously runs based on the scheduling that you, I decided to do. Let's go to. Let's do it right now, so I'm going to clear. I already downloaded the Helm chart.
A
If you wanted to see, you can actually do it and get the results into your, you know, into a file or whatever you want to do, or you can connect it to our back end, as I showed you, to see it in an ongoing manner. If you want to do that, you need to go here and put your customer ID or account ID that you get there from our UI, and let me show you where you can get it.
A
So if I go here and I want to add a cluster, for example, or you want to do everything like that, you can see that I have the account here, and all I need to do is add that token to Kubescape, and again, everything is very, very well documented, and I encourage you to go look at that.
A
I also once did this. You know, let me see where did, where did I do it.
A
Yeah, so no, okay, it's only two. So it's not that one, never mind. I want this to do the test, we're actually going to scan every minute and it's kind of cool to see that, but I can't find that cluster right now. That's what happens when you try to improvise in a live webinar or live recording of a webinar.
A
So we covered that we can now have a constant, actually a scanning of our cluster, but now, let's actually integrate it to the CD. We remember we wanted to make sure that our developers are not making mistakes and we want to help them. So what I did to do that, and now, as I said, I want to integrate it into my GitHub Actions.
A
I created this GitHub repository just for the sake of this demo, and if I want to get and use that, and I want to know how to integrate to the CI/CD, to GitHub, you can go to our documentation page. Let's go to our documentation hub, the GitHub and the integration sections, GitHub Actions, and you see that all you need to do is add another file under GitHub workflows with this data in it. You have the example here.
A
I already went ahead and did that, so we have under GitHub and workflows, I have the scan YAML, which is, you know, basically a copy-paste of the example, and what I have with this very simple, you know, repository is just one YAML, the frontend YAML, and every time I update it, the workflow runs and Kubescape runs against it. So if I'm just gonna do it now, let's make a change to it, just to have it run.
A
Okay, it's done. Okay, you can see that everything is done and we can see the result of the scanning YAML file and we can see exactly what's wrong and, as I said, we can actually. I did hear the anticipator. What I could have put here is the smaller framework, with just the thing I want my developers to actually make sure that they're doing right, and I can actually integrate that now to see the GitHub Action into the pipeline itself. I can fail the pipeline if the best practice is not holding.
A
I can do all kind of things with it, so that is super, super powerful. Let's just look as an example, for example, let's look at the immutable container file system is pass. Let's see it's something that's failed.
A
Allow privilege escalation, okay, the first one is actually failing, and we can see, and we know, and we saw it earlier, what we should do in order to fix that; we saw that in the documentation. So if you go back, head to my code and to the frontend, of course, I prepared it. I'm going to edit it, and I'm a developer. I know that I need to make this change.
A
And it's done and, you know, there's no magic here. Basically, and now the and up escalation is still failed.
A
So what we're going to show now, as I said, we're going to see integration to GitHub Actions to actually have our developers check their code every time they may commit. In order to do that, I'm going to go to the GitHub Actions integration instructions in our user hub documentation page under the integration sections, and we can see that integrating with GitHub Actions is super easy. All you need to do is add a folder GitHub workflows and create a file there and have this content, you know, in the file.
A
I already went ahead and did that, so we have the GitHub workflows here and I have a file called scan which has the exact same content I just copied from the instructions. I also added the account ID, so I can see what my developers are doing, and I'm running the NSA framework.
A
I could have run the custom framework that I created, the smaller one, and it is super powerful, because once you do that and you're in GitHub Actions, you can actually fail the commit based on the GitHub Actions. You can actually put the output not only in text and actually send it to the Slack of the developers who did the commit and all kind of things like that, but for now, for this example, I'm just going to show it and spray just like that.
A
So let's make a change to our frontend YAML. This is just one YAML in this Git repository. I'm gonna edit it and, just for the sake of it, I'm just gonna, you know, remove the comment here just to create a comment.
A
So immutable container file system: this is the best practice to make sure that the flag is read only, and this was not done by this developer. So now he sees that it failed. As I said, it can be actually sent in Slack, and show you the Slack integration before, and now I'm going to fix it. How do I fix it? I'm going to go to the documentation, or I can see here that I need to add this flag, and now I'm going to go back to my YAML and make the change.
A
Great, and if you go to the results now, we can see that the immutable container file system is now passed because we fixed the misconfiguration and, as I said, this is super, super powerful, because now you can actually put it and you can actually make sure that the build is depending on it.
A
You can decide if it's not depending on it. It's very, very flexible for you as a tool, and you can actually limit it to only the tests that you want to enforce in your CD or that you want to know that your developers are drinking so, and that is basically, you know. If I go back here, so we talked about adding a CronJob that was just every day.
A
We talked about how you can edit your different CI pipeline tools and we showed it on GitHub, and that's why Kubescape is very, very powerful and covers you in many, many elements of your CI/CD configuration, to production configuration checks. So we're done, you're feeling good with our configuration. But now what? So?
A
That actually takes you not only for configurations, but also for the deployment and production and application protection, and that's our wider platform. We cover, you know, via Kubescape, we can recover your checks earlier in the CD, and then you add more functionality like continuous posture control and one time, your trust to cover those elements that are not covered by Kubescape and other scanning tools.
A
Welcome to connect with us, but basically we can actually apply one YAML to your namespace or cluster and immediately we protect each one of your microservices, ensure only your microservices, and only as long as they are not compromised, can actually run, communicate and access data in your environment without the hassle of so many different network and security policies. Just one overarching, very deterministic policy. We have patented it and I'm happy to speak with anyone about it. But that's not the topic of this specific webinar.
A
So thank you so much. I hope you enjoyed this webinar. I try to be as practical as I can. I really hope you do go to our GitHub and follow us, and I do hope that you do give us a star and join our Discord and join this community and help us make Kubescape a very, very good tool for everybody to use. So thank you so much and have a great day.