Misconfigurations in Helm Charts: How Far Are We from Automated Detection and Mitigation? - Francesco Minna, Vrije Universiteit Amsterdam & Agathe Blaise, Thales SIX

less than 1 minute read

Abstract

Infrastructure-as-Code transformed applications into ephemeral deployments of configuration files; for example, Helm charts allow the representation of Kubernetes applications as YAML files. Several tools are available on the market to detect misconfigurations before deployment; to evaluate and compare Helm Chart analyzer tools, we developed an automated pipeline. In this talk, we will show a live demo of the pipeline, and discuss the misconfigurations found, possible mitigations, and functionalities needed by the application. We will also present the evaluation results on the sixty most common Helm Charts from Artifact Hub and seven popular Helm Charts analyzers. Can you guess what is the most common misconfiguration found? Join us to find out! We will also discuss what are the most efficient tools, the shortcomings, and how such tools can be bypassed. Finally, we will conclude with what we can do as a community to achieve automatic security repair of cloud configurations.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Misconfigurations in Helm Charts: How Far Are We from Automated Detection and Mitigation? - Francesco Minna, Vrije Universiteit Amsterdam & Agathe Blaise, Thales SIX

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google