Sertaç Özercan sozercan

{"spdxVersion":"SPDX-2.3","dataLicense":"CC0-1.0","SPDXID":"SPDXRef-DOCUMENT","name":"k8supstream.azurecr.io/public/oss/kubernetes/kube-proxy","documentNamespace":"https://anchore.com/syft/image/k8supstream.azurecr.io/public/oss/kubernetes/kube-proxy-a0af9d58-72fb-4030-b1eb-9f179c05d93a","creationInfo":{"licenseListVersion":"3.22","creators":["Organization: Anchore, Inc","Tool: syft-0.98.0"],"created":"2024-04-04T20:28:20Z"},"packages":[{"name":"./staging/src/k8s.io/api","SPDXID":"SPDXRef-Package-go-module-.-staging-src-k8s.io-api-fae416354729a482","versionInfo":"(devel)","supplier":"NOASSERTION","downloadLocation":"NOASSERTION","filesAnalyzed":false,"sourceInfo":"acquired package info from go module information: /usr/local/bin/kube-proxy","licenseConcluded":"NOASSERTION","licenseDeclared":"NOASSERTION","copyrightText":"NOASSERTION","externalRefs":[{"referenceCategory":"SECURITY","referenceType":"cpe23Type","referenceLocator":"cpe:2.3:a:staging:src\\/k8s.io\\/api:\\(devel\\):*:*:*:*:*:*:*"},{"referenceCategor
sozercan / gist:c6fcf00c37b7ee703b8bd0e51b083e46
Created April 4, 2024 18:24
Gatekeeper linux/amd64/v1 vs linux/amd64/v3
goos: linux
goarch: amd64
pkg: github.com/open-policy-agent/gatekeeper/v3/pkg/mutation
cpu: AMD EPYC 7763 64-Core Processor
│ old2.txt │ new2.txt │
│ sec/op │ sec/op vs base │
System_Mutate-8 925.8n ± 0% 935.2n ± 0% +1.02% (p=0.000 n=20)
pkg: github.com/open-policy-agent/gatekeeper/v3/pkg/mutation/mutators/assign
│ old2.txt │ new2.txt │
~ ❯ docker build --allow security.insecure -t nvdftest -f Dockerfile . --progress plain
#0 building with "default" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 DONE 0.0s
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.04kB done
#1 DONE 0.0s
#! /usr/bin/env bash
script="$(find ~/.vscode-server-insiders/bin -iname code-insiders | tail -n 1)"
if [ -z "${script}" ]; then
echo "VSCode remote script not found"
exit 1
fi
sockets="$(find /run/user/${UID}/ -iname vscode-ipc-* 2>/dev/null)"
for s in $sockets; do
{
"version": "2.1.0",
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
"runs": [
{
"tool": {
"driver": {
"fullName": "Trivy Vulnerability Scanner",
"informationUri": "https://github.com/aquasecurity/trivy",
"name": "Trivy",
rDNS (10.96.209.121): gatekeeper-webhook-service.gatekeeper-system.svc.cluster.local.
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
rDNS (10.96.209.121): gatekeeper-webhook-service.gatekeeper-system.svc.cluster.local.
10.96.209.121:443 appears to support TLS 1.3 ONLY. You better use --openssl=<path_to_openssl_supporting_TLS_1.3>
Type "yes" to proceed and accept all scan problems --> yes
Service detected: Couldn't determine what's running on port 443, assuming no HTTP service => skipping all HTTP checks
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
mirror.gcr.io/library/adminer
mirror.gcr.io/library/alpine
mirror.gcr.io/library/arangodb
mirror.gcr.io/library/bash
mirror.gcr.io/library/buildpack-deps
mirror.gcr.io/library/busybox
mirror.gcr.io/library/caddy
mirror.gcr.io/library/cassandra
mirror.gcr.io/library/centos
mirror.gcr.io/library/chronograf
2021-10-20T16:34:40.203Z INFO Detected OS: debian
2021-10-20T16:34:40.203Z INFO Detecting Debian vulnerabilities...
2021-10-20T16:34:40.216Z INFO Number of language-specific files: 0
mcr.microsoft.com/oss/openservicemesh/osm-crds:v0.11.0 (debian 10.10)
=====================================================================
Total: 153 (UNKNOWN: 0, LOW: 111, MEDIUM: 16, HIGH: 22, CRITICAL: 4)
+------------------+------------------+----------+------------------------+----------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
2021-10-20T16:25:12.458Z INFO Detected OS: debian
2021-10-20T16:25:12.458Z INFO Detecting Debian vulnerabilities...
2021-10-20T16:25:12.469Z INFO Number of language-specific files: 0
mcr.microsoft.com/oss/openservicemesh/osm-crds:v0.11.0 (debian 10.10)
=====================================================================
Total: 153 (UNKNOWN: 0, LOW: 111, MEDIUM: 16, HIGH: 22, CRITICAL: 4)
+------------------+------------------+----------+------------------------+----------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |