ThreatMapper is an open source tool that hunts for vulnerabilities in your production Kubernetes environment, and ranks them based on their risk of exploit. It is built by Deepfence, who also sell a commercial product based on it called ThreatStryker. Co-founder/CEO Sandeep Lahane and head of products/community Owen Garrett join Craig to discuss how to decide what to open and what to keep closed, and just how deep his fence needs to be.
Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod

Chatter of the week

Episode 171, with Frederic Branczyk
Ahmet Alp Balkan’s coffee beans
French press
Moka pot

News of the week

Go 1.18 released

Go now with Google Cloud


Continuous fuzzing in etcd
Veritas says Kubernetes is an Achilles Heel in defense against ransomware attacks
ARMO’s changelog for the NSA/CISA hardening guide

KubeScape


Cloud Native Developer Bootcamp

Use the code K8SPC30 for 30% off, if it’s before April 19, 2022 when you read this


Plural launches with $6m seed round

Launch HN post


Speed boost on Docker Desktop for Mac
Track the Ever Forward

Links from the interview

Deepfence
ThreatMapper: the open source project
ThreatStryker: the commercial product
A failed startup story

Heartbleed
Buffer overflow
Address Sanitizer
Intel SGX
Chrome sandbox
Intel MPX
Spectre and Meltdown


NGINX (the company)
eBPF
Forward secrecy
Deepfence’s Series A announcement
Shifting left
Behind 2 proxies
MITRE ATT&CK matrix
Cyber Kill Chain
ThreatMapper on GitHub
What’s new in ThreatMapper 1.3.0?
Sandeep Lahare and Owen Garrett on Twitter