You need to sign in or sign up before continuing.
Port NeuVector zero-trust security functions to host/VM
an idea by feih
Updated about 2 years ago. 5 hacker ♥️. 3 followers. Has no hacker: grab it!

Project Description

Today, NeuVector only support container environment. It does a lot of security functions and many of those are actually not limited to only protect containers technically. Sometimes, we are seeing requests/asks about providing similar functions to protect servers & VMs. So, it is technically possible. Some of the zero-trust security protections are still pretty unique if we port it over to host/VM side. Welcome if you are interested to help and give it a try!

Goal for this Hackweek

Port a few security functions to be able to demo and POC. Just for example, we can start from a few low hanging fruits:

  • Make NeuVector vulnerability scanner an host process/agent

  • NeuVector CIS benchmark/compliance scan

  • Zero-trust process zero-drift

  • Zero-trust process policy and enforcement

  • Zero-trust file protection

  • Zero-trust network segmentation and policy (TBD?)

Resources

https://github.com/neuvector

https://open-docs.neuvector.com/

No Hackers yet

Join this project

Looking for hackers with the skills:

neuvector security

This project is part of:

Hack Week 23

Activity

  • about 2 years ago: admehmood liked this project.
  • about 2 years ago: RDiasMateus liked this project.
  • about 2 years ago: atgracey liked this project.
  • about 2 years ago: heidi.bronson liked this project.
  • about 2 years ago: tracy.walker liked this project.
  • about 2 years ago: feih added keyword "security" to this project.
  • about 2 years ago: feih added keyword "neuvector" to this project.
  • about 2 years ago: feih originated this project.


    • Comments

    Be the first to comment!

    Similar Projects

    vex8s-controller: a kubernetes controller to automatically generate VEX documents of your running workloads by agreggi

    Description

    vex8s-controller is an add-on for SBOMscanner project. Its purpose is to automatically generate VEX documents based on the workloads running in a kubernetes cluster. It integrates directly with SBOMscanner by monitoring VulnerabilityReports created for container images and producing corresponding VEX documents that reflect each workload’s SecurityContext.

    vex8s-controller workflow

    Here's the workflow explained:

    1. sbomscanner scans for images in registry
    2. generates a VulnerabilityReport with the image CVEs
    3. vex8s-controller triggers when a workload is scheduled on the cluster and generates a VEX document based on the workload SecurityContext configuration
    4. the VEX document is provided by vex8s-controller using a VEX Hub repository
    5. sbomscanner configure the VEXHub CRD to point to the internal vex8s-controller VEX Hub repository

    Goals

    The objective is to build a kubernetes controller that uses the vex8s mitigation rules engine to generate VEX documents and serve them through an internal VEX Hub repository within the cluster. SBOMscanner can then be configured to consume VEX data directly from this in-cluster repository managed by vex8s-controller.

    Resources

    Exploring Rust's potential: from basics to security by sferracci

    Description

    This project aims to conduct a focused investigation and practical application of the Rust programming language, with a specific emphasis on its security model. A key component will be identifying and understanding the most common vulnerabilities that can be found in Rust code.

    Goals

    Achieve a beginner/intermediate level of proficiency in writing Rust code. This will be measured by trying to solve LeetCode problems focusing on common data structures and algorithms. Study Rust vulnerabilities and learning best practices to avoid them.

    Resources

    Looking at Rust if it could be an interesting programming language by jsmeix

    Get some basic understanding of Rust security related features from a general point of view.

    This Hack Week project is not to learn Rust to become a Rust programmer. This might happen later but it is not the goal of this Hack Week project.

    The goal of this Hack Week project is to evaluate if Rust could be an interesting programming language.

    An interesting programming language must make it easier to write code that is correct and stays correct when over time others maintain and enhance it than the opposite.