
If you could check for container signing and providence on all materials and make sure that only a single registry is being used (e.g. only `internal.company.com:443`) and make sure it's not possible to schedule pods with unsigned/untrusted containers, that would be awesome.



For materials you can use syft https://github.com/anchore/syft


Interesting, I'll send that to our dev team. BTW, you can suggest these things on the Kubescape page on GitHub and see status etc.


Yes, we are working on integration with anchore :)


s/providence/provenance
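
The single-registry requirement from the first comment in this thread, as an added example that is not part of the thread and not Kubescape's own code: a check that resolves each image reference in a pod spec to its registry and flags anything not pulled from `internal.company.com:443`. It checks only where images come from, not signatures; the function names and the sample pod are constructed for illustration.

```python
# Added example: registry allow-list check over a pod spec (constructed data).
ALLOWED_REGISTRY = "internal.company.com:443"  # registry named in the comment


def registry_of(image: str) -> str:
    """Return the registry host[:port] an image reference resolves to.

    Follows the Docker reference convention: the first path component is a
    registry only if it contains '.' or ':' or equals 'localhost'; otherwise
    the image comes from the default registry, docker.io.
    """
    first, sep, _rest = image.partition("/")
    # Without a '/', a ':' is a tag separator ("busybox:1.36"), not a port.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def untrusted_images(pod: dict, allowed: str = ALLOWED_REGISTRY) -> list[str]:
    """List every image in the pod spec that is not pulled from `allowed`."""
    spec = pod.get("spec", {})
    bad = []
    # Init and ephemeral containers run images too, so check all three lists.
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for container in spec.get(field) or []:
            image = container.get("image", "")
            # Exact match on host and port: a look-alike host or a different
            # port on the same host is treated as a different registry.
            if registry_of(image) != allowed:
                bad.append(image)
    return bad


# Constructed sample pod, not taken from the thread.
SAMPLE_POD = {
    "kind": "Pod",
    "spec": {
        "initContainers": [{"name": "init", "image": "busybox:1.36"}],
        "containers": [
            {"name": "app", "image": "internal.company.com:443/team/app:1.4"},
            {"name": "proxy", "image": "internal.company.com.example.net/proxy:2"},
            {"name": "sidecar", "image": "internal.company.com/sidecar:3"},
        ],
    },
}

if __name__ == "__main__":
    for image in untrusted_images(SAMPLE_POD):
        print("not from", ALLOWED_REGISTRY, "->", image)
```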



