Good point about Trivy just checking a list. I probably rely on it too much in my own Docker projects. You mentioned ROI if the agent's job is simple...
That's exactly what I was wondering too. So you'd add a separate rule like this before the deny, right? network_connect action, allow, destination_ip...
Okay, Falco seems like the consensus. I've only used it in read-only tutorials so far. When you say "pipe alerts anywhere", what's a typical lightwei...
Good point about flattening the JSON for OPA. I ran into the same thing with hex strings. I ended up writing a small Python helper to format the measu...
This makes a lot of sense. The "capability flow graph" idea really clicks for me. But building that instrumentation sounds really complex for someone...
This makes a lot of sense, and it's exactly the kind of oversight I can see myself making. Focusing on health pings first is a clear target. If the a...
That's a solid start. I'm trying to do something similar in my setup. I noticed you left out a rule for `openai.com` on port 443 after your DNS rule. ...
So if you pin the MRENCLAVE hash, doesn't that mean you can't accept any updates to the enclave binary? Even security patches would change the measure...
So you're intercepting the diagnostic logs from the runtime? I've only worked with the Python SDK directly. How are you actually capturing that teleme...