198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Deploying MicroProfile based Java Applications to Bluemix
Fri, Sep 22nd 2017 46
Deploying MicroProfile based Apps to IBM Cloud private
Thu, Sep 21st 2017 76
Watson Machine Learning Sample Walkthrough
Tue, Sep 19th 2017 66
Some Pictures from Hack.IAA
Tue, Sep 19th 2017 119
My Favorite Tech Talks for Developers
Mon, Sep 18th 2017 118
Running Cloud-Native Applications On-Premises
Mon, Sep 18th 2017 59
Node-RED Samples for IBM Watson IoT Hackathon
Mon, Sep 11th 2017 8
Top 10
Some Pictures from Hack.IAA
Tue, Sep 19th 2017 119
My Favorite Tech Talks for Developers
Mon, Sep 18th 2017 118
Deploying MicroProfile based Apps to IBM Cloud private
Thu, Sep 21st 2017 76
Watson Machine Learning Sample Walkthrough
Tue, Sep 19th 2017 66
Running Cloud-Native Applications On-Premises
Mon, Sep 18th 2017 59
Deploying MicroProfile based Java Applications to Bluemix
Fri, Sep 22nd 2017 46
Deploying Angular 2 Apps to Bluemix
Tue, Apr 11th 2017 26
Getting started with Tensorflow on IBM Bluemix
Mon, Apr 3rd 2017 15
How to build Facebook Chatbots with IBM Watson
Thu, May 12th 2016 13
Simple Sample of the Watson Document Conversion Service
Wed, Jan 27th 2016 11


Securing Kubernetes Applications with Vulnerability Advisor
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Niklas Heidloff    

The Bluemix Vulnerability Advisor checks the security status of container images before deployments as well as the status of running containers. For example it can detect weak passwords, whether SSH is installed or whether images have known vulnerabilities.

The Vulnerability Advisor leverages various sources like the CentOS announce archives and Red Hat RHSA announce archives to know about vulnerabilities and it calculates risk based on the IBM X-Force Exchange technology.

While this functionality has been available for scalable containers groups for quite some time, you can also use this functionality now in DevOps Delivery Pipelines when deploying Kubernetes applications. There is a nice tutorial that describes in detail how to set up a hello world sample. Below is a quick summary.

In Delivery Pipelines you can add stages with the tester type “IBM Vulnerability Advisor” which checks all images of a Kubernetes application. At the bottom of the screenshot is a checkbox to define whether you want to stop running the pipeline if this stage fails.

vulnerability3

Since the currently latest version of the node image from Docker hub has vulnerabilities, the deployment of the sample application is prevented. To fix these issues the node image provided by IBM (registry.ng.bluemix.net/ibmnode) is used instead.

The screenshot shows how to read the output of the advisor via the ‘bx cr’ CLI. Alternatively you can also see this information in the Bluemix web user interface.

vulnerability2

To lean more about the Vulnerability Advisor read the documentation.

The post Securing Kubernetes Applications with Vulnerability Advisor appeared first on Niklas Heidloff.



---------------------
http://heidloff.net/article/kubernetes-docker-container-vulnerabilities
Sep 05, 2017
4 hits



Recent Blog Posts
46
Deploying MicroProfile based Java Applications to Bluemix
Fri, Sep 22nd 2017 2:50p   Niklas Heidloff
Eclipse MicroProfile is an open source project to optimize Enterprise Java for microservices architectures. MicroProfile based applications can be deployed to Kubernetes. This article describes how to build microservices via the Microservice Builder and how to deploy them to Bluemix. The Microservice Builder provides functionality to easily create new Java based microservices. Below is a quick walkthrough how to create new microservices, how to run them locally and how to deploy them to Kubernet
76
Deploying MicroProfile based Apps to IBM Cloud private
Thu, Sep 21st 2017 2:30p   Niklas Heidloff
Eclipse MicroProfile is an open source project to optimize Enterprise Java for microservices architectures. MicroProfile based applications can be deployed to Kubernetes. This article describes how to deploy a sample application to IBM Cloud private. IBM Cloud private is a Kubernetes based platform to run cloud-native applications on-premises. It also comes with a Docker image registry. For developers there is a community edition available to run everything in one virtual machine. The example I&
66
Watson Machine Learning Sample Walkthrough
Tue, Sep 19th 2017 3:37p   Niklas Heidloff
Last month IBM announced the general availability of Watson Machine Learning which can be used by data scientists to create models and it can be used by developers to run predictions from their applications. Below is a simple sample walkthrough. As sample scenario I’ve chosen the Titanic dataset to predict whether people would have survived based on their age, ticket class, sex and number of siblings and spouses aboard the Titanic. I picked this dataset because it seems to be used a lot in
119
Some Pictures from Hack.IAA
Tue, Sep 19th 2017 7:34a   Niklas Heidloff
Last week I attended Hack.IAA, a hackathon with a focus on Artifical Intelligence and Car-2-X Communication organized by DigitalLife@Daimler. 60 students had 24 hours to come up with new business models and innovative solutions. IBM provided access to the IBM Cloud and Watson and helped participants with technical questions. I had great discussions with the students and enjoyed the event. The students used some of the Watson services like Visual Recognition and Conversation, technologies like No
118
My Favorite Tech Talks for Developers
Mon, Sep 18th 2017 3:21p   Niklas Heidloff
During my workouts I enjoy watching tech talks to learn about new technologies and trends. I’ve created a YouTube playlist with some of my favorite tech talks. The videos in the playlist are awesome sessions from great speakers like Martin Fowler, Brian Will, Erik Dörnenburg, Kevlin Henney and Jonas Bonér. The sessions cover topics like cloud-native, microservices, functional programming, reactive programming, engineering culture, coding best practises and more. The post My Favorite Tec
59
Running Cloud-Native Applications On-Premises
Mon, Sep 18th 2017 2:30p   Niklas Heidloff
Cloud-native applications have a lot of advantages compared to monolithic architectures such as scalability and elasticity. Cloud-native platforms typically also provide services that developers can use without having to worry about infrastructure. These advantages are available in public clouds and now also in some private clouds which is important for companies with high data security and privacy requirements. Recently IBM announced IBM Cloud private. The wiki describes the key features: IBM C
8
Node-RED Samples for IBM Watson IoT Hackathon
Mon, Sep 11th 2017 11:49a   Niklas Heidloff
Recently I gave an one hour webinar to help developers to prepare for a hackathon related to IBM Watson IoT. I demonstrated Node-RED and coded live some sample flows. Get the sample flows from GitHub. Functionality: Getting started with the Watson IoT Quickstart Using the IoT Starter Building simple web user interfaces via the Node-RED Dashboard Invoking REST APIs and implementing REST APIs Leveraging Watson services: Conversation, Translation, Tone Analyzer, Text to Speech Here is a screensho
4
Securing Kubernetes Applications with Vulnerability Advisor
Tue, Sep 5th 2017 7:58a   Niklas Heidloff
The Bluemix Vulnerability Advisor checks the security status of container images before deployments as well as the status of running containers. For example it can detect weak passwords, whether SSH is installed or whether images have known vulnerabilities. The Vulnerability Advisor leverages various sources like the CentOS announce archives and Red Hat RHSA announce archives to know about vulnerabilities and it calculates risk based on the IBM X-Force Exchange technology. While this functional
4
Tool to manage all Bluemix CLIs
Fri, Sep 1st 2017 7:33a   Niklas Heidloff
As a Bluemix developer you typically need to use several CLIs (command line interfaces). There is a specific CLI for Bluemix with multiple plugins to manage Bluemix applications and services. Additionally you can use third party CLIs like Docker, Kubernetes and Cloud Foundry against Bluemix. Recently a new tool has been published for macOS ‘IBM Cloud Application Tools 2‘ (beta). I find this tool pretty useful since you can install and update all CLIs with a few clicks. In the past I
6
Introducing the Conversation Optimizer for IBM Watson
Tue, Aug 29th 2017 8:18a   Niklas Heidloff
In order to develop conversational experiences it’s important to understand how users are actually using bots. Based on this data conversational experiences can continuously be improved. Watson Conversation comes with an improve component which helps analyzing and improving bots. Dependent on the service plan all conversations from the last 7, 30 or 90 days are stored. Via the Watson Conversation web interface you can get an overview of the interactions between users and bots, for example




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition