Proposed by: Nitish Kumar

The JSON way to secure your Infrastructure: Kyverno-JSON!

Remember that Jenga game, stacking those blocks higher and higher until the tower teeters on the edge and... CRASH! Now imagine those blocks are lines of configuration files, and a single mistake could explode your entire cloud infrastructure. Scary, right? With infrastructures and platforms going cloud native, there are greater security risks now than ever before. In an infrastructure containing multiple configuration files such as Dockerfiles, Terraform files, and cloud configuration files, it becomes extremely important to validate these files, since errors in them could lead to security vulnerabilities in the infrastructure.


Addressing issues, whether in Kubernetes or application code, during the coding phase is relatively easy. Usually, it requires just one or two developers to fix them. However, as we move through stages like functional testing, system testing, and release, fixing issues becomes increasingly complex and resource-intensive. If we only spot a problem during the release phase, it can cause significant delays and require many developers to debug and fix the issue while the product is already live, impacting customers and leading to losses. Hence, each stage of the pipeline should include testing and security checks to mitigate risks effectively.


In this talk, Nitish will introduce you to an exciting new open-source security tool named Kyverno-JSON. With this, stakeholders and developers can effortlessly validate various configuration files against Kyverno's pre-defined policies. Simply provide any JSON/YAML payload to Kyverno-JSON, and let it validate your configuration files to mitigate security risks. Lastly, the audience will also get to know how to write their own custom policies for their infrastructure and prevent security vulnerabilities in configuration files using Kyverno-JSON.

Source code/Reference: https://www.youtube.com/live/v-eAvZzJTJo?si=7lN6FG8vS-x3J21Q

Talk duration: