This workshop was first run at SnykCon 2021.
- By yourself or in a small group, spend at least 25 minutes looking through the files in this repository and try to identify at least 7 security vulnerabilities.
There are three directories:
- A terraform directory that sets up a Kubernetes cluster using DigitalOcean Kubernetes
- A helm directory that has files for setting up ingress-nginx
- An api-deployment directory that has YAML manifests to deploy an example API written in Go
Hint:
- 2 high-severity security vulnerabilities
- 5 medium-severity security vulnerabilities
If you have no idea where to start looking, it’s okay! Pick an article from the resources section, read through it and try to find one issue to look for.
- After looking through the repo, fork it into your GitHub account, sign up for Snyk and run the repo through the IaC scanner. Make changes to fix the issues and then run the scan again. Celebrate when you have fixed the 7 vulnerabilities!