ericsmalling

#!/usr/bin/env python3

# For a given image URL, platform and search string, fid any layers that add, remove or change a file with a name that matches the search string

import sys
import os
import subprocess
import json
import re
import datetime

ericsmalling

#!/bin/bash

# Set the IFS variable to a newline character
IFS=$'\n'

# Get the list of docker images
images=$(docker images -a)

# Loop through the list of images
for image in $images; do

ericsmalling

snyk container test cgr.dev/chainguard/nginx --print-deps --platform=amd64 --app-vulns                                                                                                                                             
docker-image|cgr.dev/chainguard/nginx @ latest
   ├─ alpine-baselayout/alpine-baselayout-data @ 3.3.0-r2
   ├─ aom/aom-libs @ 3.5.0-r0
   ├─ brotli/brotli-libs @ 1.0.9-r8
   ├─ busybox/busybox @ 1.35.0-r27
   ├─ busybox/busybox-binsh @ 1.35.0-r27
   │  └─ busybox/busybox @ 1.35.0-r27
   ├─ bzip2/libbz2 @ 1.0.8-r3
   ├─ dav1d/libdav1d @ 1.0.0-r1

ericsmalling

# Config I use for Tie Fighter Collectors' CD-ROM on OS X w/ XBox One controller via bluetooth (with ISO of CD in path configed below)

# This is the configuration file for DOSBox 0.74-3-3. (Please use the latest version of DOSBox)
# Lines starting with a # are comment lines and are ignored by DOSBox.
# They are used to (briefly) document the effect of each option.

[sdl]
#       fullscreen: Start dosbox directly in fullscreen. (Press ALT-Enter to go back)
#       fulldouble: Use double buffering in fullscreen. It can reduce screen flickering, but it can also result in a slow DOSBox.
#   fullresolution: What resolution to use for fullscreen: original, desktop or fixed size (e.g. 1024x768).

ericsmalling

Eric's list of interesting Container and K8s security content

• Kubernetes SecurityContext Cheatsheet: https://snyk.co/udW5K
• Dockerfile Best Practices: https://docs.docker.com/develop/develop-images/dockerfile_best-practices
• Using multi-stage builds: https://docs.docker.com/develop/develop-images/multistage-build
• OPA Gatekeeper: https://open-policy-agent.github.io/gatekeeper/website/docs
• Kyverno: https://kyverno.io
• PodSecurityPolicy Deprecation: Past, Present, and Future: https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future
• CNCF Certification Curriculum: https://github.com/cncf/curriculum
• Snyk Kubernetes “Quick hit” videos: https://youtube.com/playlist?list=PLQ6IC7glz4-UA4uKQOhmAxh6Mhvr3m4g-

ericsmalling

Keybase proof

I hereby claim:

• I am ericsmalling on github.
• I am esmalling (https://keybase.io/esmalling) on keybase.
• I have a public key ASDOlnon9xZo99ocLFOyoG0LQTiaRJ_-ggEcsHYlImD3-Ao

To claim this, I am signing this object:

ericsmalling

Vagrantfile:
...
  config.vm.provision "puppet" do |puppet|
    puppet.module_path = "modules"
    puppet.facter = {
      'vpnUsername' => VPN_USERNAME,
      'vpnPassword' => VPN_PASSWORD
    }
    puppet.options = "--verbose --debug"
  end