In this episode, Ryan and Bhavin talk to Christoph Hartmann - the CTO and co-founder of Mondoo about all things Kubernetes Security. The discussion starts by talking about Kubernetes Security Posture Management (KSPM) and then dives into Software Bill Of Materials (SBOM) and SBOM Attestation. They also talk about the open-source project "cnspec" and how it can help organizations scan their entire infrastructure, including VMs, containers, container registries, code repositories, etc for vulnerabilities. 

News:

• https://www.weave.works/blog/weaveworks-donates-project-kured-to-the-cncf
• https://sysdig.com/blog/top-15-kubectl-plugins-for-security-engineers/
• https://techcrunch.com/2023/01/25/dell-has-acquired-cloud-orchestration-startup-cloudify-sources-tell-us-for-around-100m/
• https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/cncf-hosted-co-located-events/about/
• https://techcrunch.com/2023/01/26/mirantis-acquires-shipa/
• https://www.harness.io/blog/harness-acquires-propelo

Show Links:

1. cnspec Project Pagehttps://cnspec.io

2. cnspec on Github: https://github.com/mondoohq/cnspec

3. Hacking Kubernetes https://www.youtube.com/watch?v=9onasWkaeuE&t=3s

4. Mondoo https://mondoo.com/