Project Tasks Tracker

Core Development Tasks

  • Implement three distroless container scanning approaches

    • HIGHEST PRIORITY: Approach 1 (Kubernetes API Approach): Modify the train-k8s-container plugin (Enterprise Recommended)
      • Add ephemeral container detection and fallback
      • Implement direct filesystem access through debug container
      • Modify connection and exec client classes
    • Approach 2 (Debug Container Approach): CINC Auditor in debug container with chroot (Interim solution)
      • Create specialized debug container with CINC Auditor pre-installed
      • Implement chroot-based filesystem access to target container
      • Bridge results back to host system
    • Approach 3 (Sidecar Container Approach): Sidecar container with shared process namespace (Interim solution)
      • Create script for sidecar deployment and scanning
      • Implement process detection and filesystem access
      • Integrate with CI/CD pipelines
  • Complete Helm chart templates

    • Finish configmap templates for remaining components
    • Create helpers and utilities
    • Ensure proper chart dependencies
    • Create Helm chart for sidecar container approach
  • Testing with container types

    • Test with Google's distroless images
    • Test with custom minimalist containers
    • Test with different language runtimes (Go, Java, Python)

Documentation Tasks

  • Create detailed documentation showing script/command equivalence

    • Document what setup-minikube.sh does vs. direct minikube/kubectl commands
    • Document what scan-container.sh does vs. direct kubectl/inspec commands
    • Document what scan-distroless-container.sh does vs. direct ephemeral container commands
    • Create a /docs/direct-commands.md file with examples
  • Update main README.md

    • Clarify the two approaches (shell scripts vs. Helm)
    • Add installation requirements
    • Improve usage examples
  • Create comprehensive documentation

    • Design architecture and flow diagrams showing container interactions
    • Create ASCII text-based versions of all diagrams for terminal viewing
    • Develop Executive Summary for stakeholders and decision makers
    • Create detailed security risk analysis for all three approaches
    • Document risk mitigation strategies and security considerations
    • Create Enterprise Integration Analysis (scalability, maintenance, UX)
    • Develop comprehensive decision matrix for approach selection

CI/CD Integration

  • Create CI/CD pipeline examples

    • GitHub Actions workflows for container scanning
      • Dynamic RBAC scanning workflow
      • Existing cluster scanning workflow
    • GitLab CI pipelines for container scanning
      • Dynamic RBAC scanning pipeline
      • Existing cluster scanning pipeline
    • Jenkins pipeline example (optional)
  • Create CI/CD examples for all distroless approaches

    • HIGHEST PRIORITY: GitHub Actions workflow for Approach 1 (Kubernetes API Approach)
    • GitHub Actions workflow for Approach 2 (Debug Container Approach) - interim solution
    • GitHub Actions workflow for Approach 3 (Sidecar Container Approach) - interim solution
    • HIGHEST PRIORITY: GitLab CI configuration for Approach 1 (Kubernetes API Approach)
    • GitLab CI configuration for Approach 2 (Debug Container Approach) - interim solution
    • GitLab CI configuration for Approach 3 (Sidecar Container Approach) - interim solution
    • GitLab CI with Services for Approach 3 (Sidecar Container Approach) - interim solution
  • Additional Security Scanning Integration Examples

    • OWASP ZAP integration for web application security scanning
      • Create GitHub Actions example for ZAP scanning integration
      • Create GitLab CI pipeline examples for ZAP integration
      • Create GitLab Services configuration for ZAP scanning
      • Document integration points between container and application scanning
    • Create examples showing combined container/application security reporting

SAF CLI Integration

  • Implement threshold configuration files

    • Create sample threshold YAML files
    • Document threshold configuration options
    • Add examples for pass/fail criteria
  • Add SAF CLI integration examples

    • Show how to process scan results with SAF CLI
    • Demonstrate compliance reporting
    • Document threshold checks

Validation and Refinement

  • Security review

    • Audit RBAC permissions for least privilege
    • Review token generation and management
    • Assess network security model
    • Compare security implications of both distroless approaches
  • Performance optimization

    • Measure and optimize scan times for both approaches
    • Reduce resource usage during scans
    • Improve startup time
    • Benchmark and compare performance between approaches
  • Comparative analysis

    • Document pros and cons of each distroless approach
    • Create decision matrix for approach selection
    • Provide usage recommendations based on different scenarios

Documentation System

  • Implement MkDocs with Material theme

    • Create mkdocs.yml configuration
    • Set up GitHub Actions for documentation deployment
    • Create enhanced navigation hierarchy
    • Add requirements.txt for Python dependencies
    • Update README.md with documentation usage instructions
    • Update terminology for consistent naming of approaches
    • Optimize documentation build performance
    • Add custom CSS for improved styling
    • Configure Mermaid diagram settings
  • Documentation Refinement

    • Standardize approach naming across all documents
    • Create Helm Chart documentation section
    • Integrate ASCII diagram approach comparison into main documentation
    • Fix approach-mapping.md links to workflow YAML files
    • Ensure consistent messaging about the Kubernetes API Approach as enterprise-recommended solution
    • Add clear strategic priority statements across all key documentation
    • Add development and testing documentation section
    • Conduct comprehensive documentation review for coherence and flow
    • Reorganize documentation into logical directory structure
    • Fix broken internal links after reorganization
      • Fix paths in approaches/ directory files
      • Fix paths in security/ directory files
      • Fix paths in architecture/ directory files
      • Fix paths in integration/ directory files
      • Fix paths in helm-charts/ directory files
      • Fix paths in developer-guide/ directory files
      • Fix paths in overview/ directory files
    • Create script to automate link path fixes for common patterns

Administrative

  • Project release preparation

    • Version tagging (v1.0.0)
    • Release notes with key features and capabilities
    • Comprehensive documentation website with MkDocs
    • Final review of all example code and scripts
    • Create project logo and branding assets
    • Prepare demonstration of all three scanning approaches
    • Create comprehensive changelog