Task 4
Bring even more security
Level 1
- Ensure that the app doesn’t run as a root user
- The service should try to automatically fix vulnerabilities in the dependencies by creating a Pull/Merge Request
Level 2
- Add a scanning service for the source code of the app
- Ensure that every Pod in the selected namespaces MUST run its containers as a non-root user
- Ensure that the traffic from and to the app is restricted:
  - Forbid traffic from other namespaces
  - Explicitly allow traffic between the app instances and the database
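
One way to express the traffic restriction above as Kubernetes NetworkPolicy objects. This is an added example, not part of the original task sheet; the namespace `demo`, the labels `app: web` and `app: db`, and the database port 5432 are assumptions to replace with your own values.

```yaml
# Constructed example: namespace "demo", labels app=web / app=db and port 5432 are assumptions.
# 1) Default deny: with no allow rules, nothing enters or leaves any Pod in the namespace,
#    which also forbids all traffic from other namespaces.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: demo
spec:
  podSelector: {}                  # selects every Pod in the namespace
  policyTypes: [Ingress, Egress]
---
# 2) App side: allow the app Pods to open connections to the database only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-egress-to-db
  namespace: demo
spec:
  podSelector:
    matchLabels: {app: web}
  policyTypes: [Egress]
  egress:
    - to:
        - podSelector:             # no namespaceSelector: same namespace only
            matchLabels: {app: db}
      ports:
        - {protocol: TCP, port: 5432}
---
# 3) Database side: accept connections from the app Pods only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-ingress-from-web
  namespace: demo
spec:
  podSelector:
    matchLabels: {app: db}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: web}
      ports:
        - {protocol: TCP, port: 5432}
```

These policies are only enforced when the cluster's network plugin implements NetworkPolicy. With the default deny in place, DNS lookups and the path from the ingress controller to the app need their own explicit allow rules.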
Level 3
- Ensure that a trusted TLS certificate is used to provide HTTPS access
- Minimize the syscalls used by the app with a custom seccomp profile
- Monitor every exec into the app container and send a mail notification each time it happens
- Ensure that the whole network traffic is encrypted within the cluster