Enterprise seviyede container stratejisi belirlenirken en \u00f6nce d\u00fc\u015f\u00fcn\u00fclmesi gereken \u015fey g\u00fcvenlik olmal\u0131d\u0131r. Ba\u015far\u0131l\u0131 bir container g\u00fcvenlik stratejisi container\u2019\u0131n ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn \u00fc\u00e7 ana bile\u015feni olan Build, Deploy ve Run a\u015famalar\u0131n\u0131n her birine entegre olmal\u0131d\u0131r.<\/p>\n\n\n\n
T\u00fcm bunlar\u0131n yan\u0131nda \u00f6nemli olan bir di\u011fer durum ise container\u2019\u0131n ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn yan\u0131nda container\u2019lar\u0131 \u00fczerinde \u00e7al\u0131\u015ft\u0131ran alt yap\u0131n\u0131n da d\u00fczg\u00fcn \u015fekilde\u00a0configure edilmi\u015f olmas\u0131 gerekir. Bu konfig\u00fcrasyonlar d\u00fczg\u00fcn yap\u0131ld\u0131\u011f\u0131 taktirde do\u011fru se\u00e7ilmi\u015f bir container security tool\u2019u cluster altyap\u0131s\u0131n\u0131n, orchestrator mekanizmas\u0131n\u0131n ve containerized edilmi\u015f uygulaman\u0131n g\u00fcvenli olmas\u0131n\u0131 sa\u011flayacakt\u0131r.<\/p>\n\n\n\n
Build Phase:<\/p>\n\n\n\n
| \u00d6zellik\/Fonsiyon<\/td> | Neden Gerekli?<\/td><\/tr> |
| IMAGE ASSESSMENT<\/td> | <\/td><\/tr> |
| Problemlerin saptanmas\u0131nda imaj konfig\u00fcrasyonu ayarlar\u0131 analiz edilir. Bu ayarlar build i\u015fleminde kullan\u0131lan Dockerfile y\u00f6nergeleriniuser identity konfig\u00fcrasyonlar\u0131n\u0131 ve environment variable\u2019lar\u0131 i\u00e7erir.<\/td> | Bu a\u015fama paketler i\u00e7erisindeki bilinen zaafiyetlerin belirlenmesini sa\u011flar. \u00d6zetle zaafiyetlerin belirlenmesinde her hangi bir scanner\u2019\u0131n ka\u00e7\u0131rd\u0131\u011f\u0131 bir durumu saptayan ek bir g\u00fcvenlik katman\u0131d\u0131r.<\/td><\/tr> |
| Imaj bile\u015fenlerindeki zaafiyetlerin belirlenmesi<\/td> | Zaafiyet i\u00e7eren versiyonlara sahip imaj bile\u015fenlerini kullanmak olduk\u00e7a risklidir. Bu zaafiyetleri build a\u015famas\u0131nda saptamak risklerin production ortam\u0131na ta\u015f\u0131nmas\u0131n\u0131 engeller.<\/td><\/tr> |
| Registry\u2019ler i\u00e7ersinde builtin bulunan scannerlardan datalar\u0131n al\u0131nmas\u0131<\/td> | E\u011fer repository ile b\u00f6yle bir scanner \u00f6zelli\u011fi geliyorsa mevcut container security tool\u2019unun mevcut scanner\u2019dan data alabiliyor olmas\u0131 gerekir. B\u00f6ylece mevcut security context\u2019i hakk\u0131nda container security tool\u2019u aware olur.<\/td><\/tr> |
| Belirli bile\u015fen ve imaj katmanlara zaafiyetleri ve konfig\u00fcrasyon problemlerinin ba\u011flamak<\/td> | Base imaj katmanlar\u0131ndaki zaafiyet ve di\u011fer problemler genellikle farkl\u0131 tak\u0131mlara ait olabilir. Bu sebeple zaafiyetlerin hangi imaj katman\u0131na ba\u011fl\u0131 oldu\u011funu belirlemek \u00f6nemlidir.<\/td><\/tr> |
| Hem fixable hemde gelecek aletlerden ka\u00e7\u0131nmak i\u00e7in fixable olmayan zafiyetlerin belirlenmesi<\/td> | Bazen OS distributor\u2019lar yada opensource maintainer\u2019lar bir zaafiyeti asses edebilir fakat bunu d\u00fczeltmek i\u00e7in bir fix yay\u0131nlamayabilirler. Bu y\u00fczden development teamin workflow\u2019lar\u0131n\u0131 bu sebepten \u00f6t\u00fcr\u00fc durdurmak \u00fcretkenli\u011fi etkiler.<\/td><\/tr> |
| RESPONSE<\/td> | <\/td><\/tr> |
| CI building fail edilmesi<\/td> | Build\u2019in belli bir zaafiyetten \u00f6t\u00fcr\u00fc fail edilmesi developer\u2019lara h\u0131zl\u0131 \u015fekilde aksiyon alma f\u0131rsat\u0131 verir.<\/td><\/tr> |
| Ko\u015ful \u00fczerinde customize edilmi\u015f kontrollere izin verme<\/td> | Agresif kontroller development tak\u0131mlar\u0131n\u0131n security kontrollerini disable etmesine sebep olabilir. Genelde \u00e7ok s\u0131k\u0131 ve realistic olmayan kontroller bu tarz sonu\u00e7lara sebep olur.<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":" Enterprise seviyede container stratejisi belirlenirken en \u00f6nce d\u00fc\u015f\u00fcn\u00fclmesi gereken \u015fey g\u00fcvenlik olmal\u0131d\u0131r. Ba\u015far\u0131l\u0131 bir container g\u00fcvenlik stratejisi container\u2019\u0131n ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn \u00fc\u00e7 ana bile\u015feni olan Build, Deploy ve Run a\u015famalar\u0131n\u0131n her birine entegre olmal\u0131d\u0131r. Build Deploy Run T\u00fcm bunlar\u0131n yan\u0131nda \u00f6nemli olan bir di\u011fer durum ise container\u2019\u0131n ya\u015fam d\u00f6ng\u00fcs\u00fcn\u00fcn yan\u0131nda container\u2019lar\u0131 \u00fczerinde \u00e7al\u0131\u015ft\u0131ran alt yap\u0131n\u0131n da\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/45"}],"collection":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=45"}],"version-history":[{"count":1,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/45\/revisions"}],"predecessor-version":[{"id":46,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/45\/revisions\/46"}],"wp:attachment":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=45"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=45"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=45"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} |