{"id":77,"date":"2021-12-14T22:16:00","date_gmt":"2021-12-14T22:16:00","guid":{"rendered":"http:\/\/blog.firatyasar.com\/?p=77"},"modified":"2022-03-28T22:21:12","modified_gmt":"2022-03-28T22:21:12","slug":"kubesec-ile-static-manifest-file-analizi","status":"publish","type":"post","link":"https:\/\/blog.firatyasar.com\/?p=77","title":{"rendered":"Kubesec ile Static Manifest File Analizi"},"content":{"rendered":"\n<p>Kubesec static kubernetes definition file&#8217;lar\u0131n\u0131z \u00fczerinde static analiz yapman\u0131z\u0131 sa\u011flayan bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fcd\u00fcr. Genel olarak g\u00fcvenlik \u00e7\u00f6z\u00fcmleri yada entegrasyonlar\u0131 (Authentication,Authorization,Admission controllers vs.) definition file apply edildikten sonra uygulan\u0131r. Kubesec bize definition dosyalar\u0131n\u0131 apply etmeden statik olarak taramaya olanak sa\u011flar.<br>Kubesec ile definition dosyalar\u0131 statik olarak tarand\u0131ktan sonra json yada yaml format\u0131nda bir \u00e7\u0131kt\u0131 verir. Bu \u00e7\u0131kt\u0131 taramaya ili\u015fkin bir score i\u00e7erirken kritik olan durumlar\u0131 da g\u00f6sterir. Ayr\u0131ca d\u00fczeltmek i\u00e7in gerekli tavsiyeyi de g\u00f6sterir.<br>Kubesec binary olarak local&#8217;e kolayl\u0131kla y\u00fcklenebilir. ve kubesec komut sat\u0131r\u0131 arac\u0131 ile kolay \u015fekilde kullan\u0131labilir.Kurulum ad\u0131mlar\u0131 i\u00e7in a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 takip edebilirsiniz.<\/p>\n\n\n\n<p>\u0130lgili kubesec s\u00fcr\u00fcm\u00fc wget ile download edilir.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/github.com\/controlplaneio\/kubesec\/releases\/download\/v2.11.0\/kubesec_linux_amd64.tar.gz<\/code><\/pre>\n\n\n\n<p>\u0130ndirilen tarball a\u00e7\u0131l\u0131r.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tar -xvf  kubesec_linux_amd64.tar.gz<\/code><\/pre>\n\n\n\n<p>Kubesec <strong>\/usr\/bin<\/strong> dizinine kopyalanarak her dizinden \u00e7a\u011f\u0131r\u0131labilmesi sa\u011flan\u0131r.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mv kubesec \/usr\/bin\/<\/code><\/pre>\n\n\n\n<p>Bu i\u015flemlerin ard\u0131ndan definition file&#8217;lar a\u015fa\u011f\u0131daki \u015fekilde scan edilebilir.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubesec scan pod.yaml<\/code><\/pre>\n\n\n\n<p>Ya da hi\u00e7 kubesec kurulumu yapmadan online olarak da bu i\u015flem a\u015fa\u011f\u0131daki gibi curl yard\u0131m\u0131 ile ger\u00e7ekle\u015ftirilebilir.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -sSX POST --data-binary @\"pod.yaml\" https:\/\/v2.kubesec.io\/scan<\/code><\/pre>\n\n\n\n<p>Scan i\u015flemi sonras\u0131 \u00e7\u0131kt\u0131 a\u015fa\u011f\u0131daki gibi olacakt\u0131r.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"917\" src=\"\/wp-content\/uploads\/2022\/03\/image-3-1024x917.png\" alt=\"\" class=\"wp-image-78\" srcset=\"\/wp-content\/uploads\/2022\/03\/image-3-1024x917.png 1024w, \/wp-content\/uploads\/2022\/03\/image-3-300x269.png 300w, \/wp-content\/uploads\/2022\/03\/image-3-768x688.png 768w, \/wp-content\/uploads\/2022\/03\/image-3-1536x1375.png 1536w, \/wp-content\/uploads\/2022\/03\/image-3-660x591.png 660w, \/wp-content\/uploads\/2022\/03\/image-3.png 1950w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Ayr\u0131ca kubesec&#8217;i bir sunucu gibi internal ortamda static analiz yapacak \u015fekilde konfig\u00fcre etmek isterseniz a\u015fa\u011f\u0131daki gibi background process olarak \u00e7al\u0131\u015ft\u0131rabilirsiniz.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>kubesec http 8080 &amp;<\/code><\/pre>\n\n\n\n<p>Bu i\u015flemin ard\u0131ndan internal ortamda curl komutunu kullanarak herkes definition file&#8217;lar\u0131 \u00fczerinde code analizleri yapabilir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kubesec static kubernetes definition file&#8217;lar\u0131n\u0131z \u00fczerinde static analiz yapman\u0131z\u0131 sa\u011flayan bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fcd\u00fcr. Genel olarak g\u00fcvenlik \u00e7\u00f6z\u00fcmleri yada entegrasyonlar\u0131 (Authentication,Authorization,Admission controllers vs.) definition file apply edildikten sonra uygulan\u0131r. Kubesec bize definition dosyalar\u0131n\u0131 apply etmeden statik olarak taramaya olanak sa\u011flar.Kubesec ile definition dosyalar\u0131 statik olarak tarand\u0131ktan sonra json yada yaml format\u0131nda bir \u00e7\u0131kt\u0131 verir. Bu \u00e7\u0131kt\u0131\u2026 <span class=\"read-more\"><a href=\"https:\/\/blog.firatyasar.com\/?p=77\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":79,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[37,39,36,41,38],"_links":{"self":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/77"}],"collection":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=77"}],"version-history":[{"count":1,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":80,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions\/80"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/media\/79"}],"wp:attachment":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}