Kaniko (Executor) Sentinel One Flagging Jobs MITRE T1078, T1070, T1156, T1554, and T1083 #1979
We started evaluating the use of Kaniko for building container images as a possible way to displace shell/docker runners exposing elevated access. We are leveraging Kaniko via a K8S cluster with GitLab CI Runners installed, running the Kaniko container. Our container is based on the https://repo1.dso.mil/dsop/opensource/kaniko/kaniko ironbank image with cert updates for our network. All jobs are getting flagged by Sentinel One as a NOT MITIGATED / SUSPICIOUS threat, even a simple job that just builds a container based on a single FROM line and RUN echo hi. Just beginning investigation of risk in use. Threats being flagged are ...
MITRE T1078, T1070, T1156, T1554, and T1083