Shifting Left with Security Policy as Code (SPaC)
Compliance and Auditing
To guarantee compliance with industry standards and regulations, NeuVector provides a dashboard that displays the compliance status of your cluster nodes, images, and containers. To access it, navigate to the UI and click on Security Risks > Compliance. Here, you can view a list of compliance checks with their CIS ID, category, status, profile, and more.
The CIS ID is a unique identifier for each compliance check, for example:
- D.1.2.2 ensures that the version of Docker is up to date.
- I.4.8 checks if setuid and setgid permissions are removed in the image since they can be exploited by attackers.
- K.1.2.30 ensures that the API Server only makes use of strong cryptographic ciphers.
- and so on.
Every ID, as you may have noticed, is prefixed with a letter that represents the category of the compliance check. For example:
D stands for Docker (the container), I for Image, K for Kubernetes.
This is also reflected in the Category
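To make the I.4.8 check mentioned above concrete, here is an added example (not NeuVector's implementation and not code from this course) that scans an image filesystem exported as a tar archive for regular files that still carry setuid or setgid bits. It assumes the tar comes from something like `docker export`; the sample archive and its file names are constructed in memory so the script runs offline.

```python
import io
import stat
import tarfile


def special_bits(mode):
    """Return which of setuid/setgid are set in a permission mode."""
    bits = []
    if mode & stat.S_ISUID:
        bits.append("setuid")
    if mode & stat.S_ISGID:
        bits.append("setgid")
    return bits


def scan_layer(fileobj):
    """List (path, bits) for regular files in a tar stream with setuid/setgid set."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            # setgid on a directory only controls group inheritance, so
            # this scan reports executables and other regular files only.
            if not member.isfile():
                continue
            bits = special_bits(member.mode)
            if bits:
                findings.append((member.name, bits))
    return sorted(findings)


def build_sample_layer():
    """Constructed sample: an in-memory tar standing in for an exported image."""
    entries = [("usr/bin/passwd", 0o4755), ("usr/bin/wall", 0o2755),
               ("usr/bin/ls", 0o755), ("etc/hostname", 0o644)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            tar.addfile(info)
        mail_dir = tarfile.TarInfo("var/mail")
        mail_dir.type = tarfile.DIRTYPE
        mail_dir.mode = 0o2775
        tar.addfile(mail_dir)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, bits in scan_layer(build_sample_layer()):
        print(f"{path}: {'+'.join(bits)}")
```

A non-empty result is the condition the check flags; the usual remediation is to clear the bits at build time or drop the binaries from the image.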
