From YouTube: Kubernetes SIG Security Tooling 20221206
A
And we have some new faces, some that are that we've seen around for a while. Let me start with some introductions and then we can get started on the session. So hi, this is Pushkar. I am the SIG Security Tooling subproject lead. We've been doing these learning sessions for about more than a year.
A
Now, every month we ask anyone in the community who is interested to chat more about what they are working on, which is related to Kubernetes and security, and today David is going to help us talk about what he has been working on, specifically around Security Behavior Analysis and one of the tools that he's built called Security Guard, along with his team.
B
B
C
I'll introduce myself. I'm Paul Schweiger, also at IBM. I work primarily on Knative, which is a CNCF project. I've been working with David a bunch also, so I'm here to listen.
D
I'm Michael Maximilian, I go by Max, and I'm colleagues also with Mike and David and Paul, and here to to support the effort. I think Security Guard is a cool technology and could have good good impact and just want to see what the community thinks. So that's it.
D
E
Ori Sarita. I've met a few of you and some of the other SIG calls that I've started attending now, and I'm working on an open source project for intent-based access controls, which I, I'm gonna now click the submit issue and request the talk like this now that I know that we can do it, and thanks for my for for giving me hints on how to do this. So I'm very excited to hear about about Security Guard today and then to get your feedback on what we're working on as well.
A
D
C
F
I guess I'll pop in. I'm Eric Smalley, I'm senior developer advocate at Snyk, and I help out with some of the scanning that Kubernetes does on the KK team, as well as hang out in the TAG Security in the supply chain working groups.
A
Can put in, all right, cool, okay, so thanks everyone for joining in. Last I checked, we still need a volunteer for note taker. Even if it's your first meeting, just do your best to summarize whatever you can. It really helps everyone in the future who is going to take a look at what this meeting was about, and if you have done this before, want to do it again, you're also welcome.
A
So with that, no worries, my, you've done it so many times. So don't don't blame you. So by the way, for folks watching the recording, when I'm talking something completely that could seem irrelevant, I'm reading stuff on the Zoom chat. So don't be surprised if you're like what this guy talking about. So okay. So with that, what we will do now is let David take it away from here.
A
A
Yes, I think that's that deploy preview link, right. Can you also share the your request link as well? Yeah, so we, instead of like the usual learning session for folks who have joined before in the past, we will do a somewhat of a different structure, so we'll do a pull request review of a tool that David wanted to share with the group. This is the link to the pull request and we are at 10 minutes past the start time, so let's spend about 15 minutes or or so, so five minutes before nine a.m.
A
Pacific, to take a look at the pull request. Add your comments as just like you would be reviewing a pull request and we'll just go all quiet for 15 minutes. No need to even show your face if you don't want to, and after that I'll just come back online and say hey.
A
G
G
The tool is aimed to use that approach for solving that problem. The post is not con focused about the tool itself. The tool itself, which was developed as part of Knative with Paul and Max, that tool we can describe maybe in the next meeting. I think as a first step we want to try to capture the the problem space and the approach and discuss about that and and communicate that also to the community. That's why the post was created.
A
So that's good context for everyone reading the pull request. So I I like that idea, let's focus on the problem space today. We can always have a follow-up meeting for the tool instead of trying to put everything together in 45 minutes. So I see people when going offline, starting to review comments. So I'll do the same.
H
G
H
A
E
A
Yes, yes, okay, perfect, so I'm done posting my review. I see David, you're already taking a look at comments, which is great. What is maybe quickly for a from everyone's perspective for half a minute or so, whoever did the reviews: what do you think? What's the one main thing you want David and that thing to take away from what you just read and review?
E
The post is actually important, so I'm actually very supportive of it. I think I made some suggestions there around how to actually focus it, in the sense that I think everybody will admit already that they're going to have vulnerabilities, and so I think your point is, you know, you need another layer in addition to looking for vulnerabilities, and that layer is an obelisk.
E
E
Like you need minimize blast radius, you need to understand forensics when you do have vulnerabilities, just list a few things to remind people, but the bulk of the article I would say is is about that anomalous behavior, and just say there are now tools out there to help you with anomalous behavior, so maybe a little bit less of the investment at the beginning of sort of convincing people, because I think that's relatively easy to do, and more just really explaining to them in a very succinct way.
E
You're going to have these vulnerabilities, you need, like, you know, defense in depth. You need like three different things you need to be doing, one of which is anomalous behavior detection. It took me a little while to kind of extract that out of the article. I would make that a little bit easier.
A
Okay, that's good feedback. Because we're short on time, we'll continue their discussions on everyone's first main thing as a follow-up and offline. Anyone else wants to share their thoughts?
D
A
I think the idea and the intent of bringing attention to this topic is very welcome. So thanks for all the effort on this. I also appreciated already a lot of feedback that you've gotten from SIG Docs, which is great. Overall, most of my comments were like: how can we make it easier to consume for readers? In terms of technical aspects, I don't remember at least right now anything that came up to me.
A
That was like that doesn't seem right, orientate that, so overall looks good, love the message. Probably similar to what to reset the initial part. Again, we are all biased, being sick in this field for a long time, that we know that this is a problem, so maybe not completely cutting it down, but also, if you, if it is possible to summarize a bit, would be great, the initial part of what is the problem we are trying to solve. But apart from that, thanks for doing this, David ending.
G
G
To comment that if you read the Kubernetes security documentation, there is not a word about anything such as anomaly detection, runtime security. Anything like that is, is missing completely from the Kubernetes security documentation. That that this is where I started. I started by looking at that tool that we developed for Knative, asking.
D
G
G
First thing I did, I read, I read the security documentation is there is nothing there, so I think that that's that post is my attempt to try and say: okay, let's put that in the in front, tell people hey, there is something to do apart from trying to get the bugs out of your code and and we're doing the configuration right.
G
It's not enough. It's a problem! I don't think people realize that and and accept that. This is why it is that this is very well spelled out. I was trying to do it very well spelled out in the in the document to make that absolutely clear that, yes, it's not enough! You have to have that additional layer of of what's going on with your services, not to be blind about.
G
What's going on with your services as they are running, and now just giving people the understanding that, yes, there is an approach to to handle that and yes, there is an attempt to do that out there, but, as we move on, my hope is that, apart from this post, we will go on to the documentation, see what we need to do in the documentation to get it better.
G
As far as one-time security and and after that, hopefully discuss how we can maybe bring runtime security tools to better work with in Kubernetes in general, and and this is just one one of them. This is an open source that we can use, but there are, as people mentioned, there are other tools, Falcon, that that can be discussed, and we can see their their relevant contribution to to what we do, and we need to make that analysis and put it forward.
G
A
Right right, okay, make sense. Favorite, I, I hear what you're saying. Cool, we got about eight minutes more or so. Anyone else wants to share anything or any comment that you wanted to discuss, David, from either of us? We can do that for the rest of the time, because we might have not written a comment that is easy to understand. So use this time to ask us questions.
B
And I think on the there is none argument: I think there exists some runtime, right, discussions, it's just not in the same context, if you will, or in the same pattern model that you're using, David. Well, for example, you know, seccomp, you know, obviously we could be argued as a runtime, you know, security model, and it is supported and discussed, right, as, as is various container runtimes that restrict by, you know, isolating micro kernel functions that are going to be needed only for that particular.
B
You know, unicorn that you're you're using to run your application. So there are some patterns there discussed, but not in this particular type of context. A learning, you know, model, if you will, David, what and that's sort of what I think with their when they. When you say you or if the people that are saying, maybe a summary there, there needs to be some kind of an explanation to pull people from those patterns to this, as well as needed.
B
Right, I think I think would help pull the user in a little bit as opposed to oh man, we're all broken, right.
G
Okay, so my, just to put things in in context in this in this meeting, when I'm, I know that we we had this discussion in the past, when I'm talking about runtime security, I'm not referring to tools in the system or or restrictions systems that ensure your isolation.
G
B
D
G
Hopefully, hopefully, the term security analysis or behavior security analysis or Security Behavior Analysis, which is which I try to explain in the documents in the post. Maybe it's not good enough, what what what is there, but I was trying to describe these areas as that you I need.
B
A
Yeah, I think that's the challenge we will have, David, with all the all of us reviewers, all of us knowing the space, so we would have to think really hard as a person unfamiliar with the space trying to read it for the first time, but yeah, you just do your best with explaining it. That's all we can expect from anyone. I know we have four minutes more. Anything, David, that we can help? Was this review helpful?
G
Yeah, certainly. I I will also, I have to go through all the comments. There are many comments and you have to go through them and and read them. I may approach people to to ask questions. Okay, also, we we can consider having another session at any time that is convenient to talk about the actual tool and how the the tool is trying to to solve that, and then ask the question whether we we see a path for for extending it, for rather you Kubernetes use cases. How would the interaction be?
G
A
Yeah yeah, I think that's fine. We can keep the issue for the learning session open with that in mind and like next. Obviously, we won't have one this year now, but next year we can definitely plan on see if we can have a dedicated one, where you bring all of the tool specific information in front of us and we just go deep dive on the tool itself, so yeah, so open to.
E
That go ahead. I did have one question I forgot to ask in the comments, maybe it's not even appropriate there. So I'll just ask you, David, directly. There is a whole, I don't know, a field in industry, or at least the marketing thing out there, around API anomaly detection, looking for behavioral use of APIs. Obviously one of the great things about Kubernetes microservices is that there's a lot of API surface and that's why you can monitor for behavior, it's one of your points.
E
A
Yeah, and that's great. Because we're almost at time, so we can always continue the discussion offline. So thanks a lot, David and team. Like I said, hope this was useful. We we actually have never done this kind of review before as part of learning session, so we also tried something new along with you. Thanks for being a willing participant in this experiment. Look forward to seeing the blog published whenever the date is due as per SIG Docs, and for everyone who participated doing the reviews, thanks a lot, you're.