Cyber Security Academy · Lesson

Securing the Supply Chain and Secrets

Image and secret hardening.

The Software Supply Chain

A container image is built from base images, OS packages, and application dependencies, then pushed through a registry into the cluster. Each step is an opportunity for compromise. Supply-chain attacks insert malicious code before it ever reaches production.

  • Compromised base images or dependencies.
  • Tampered images in the registry.
  • Malicious CI/CD pipeline steps.

Image Vulnerabilities

Images frequently ship with known-vulnerable packages. Scanning catches these before deployment.

  • Old base images accumulate CVEs.
  • Bloated images expand the attack surface.
  • Embedded secrets in image layers leak credentials.

# Scan an image for vulnerabilities
trivy image myorg/app:1.4.2

# Scan filesystem and secrets too
trivy image --scanners vuln,secret myorg/app:1.4.2
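As an added example (not part of the lesson and not trivy's code), the Python checker below walks an OCI image config, both the runtime environment and the recorded build history, and flags credential-shaped values of the kind the secret scanner above hunts for; the function name `scan_image_config`, the detection rules and the sample image config are all constructed for this illustration.

```python
import json
import re

# Constructed detection rules, modelled on the style of rules a secret
# scanner applies; a real scanner ships many more, with entropy checks.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-secret-env": re.compile(
        r"(?:PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)[A-Z_]*=\S+", re.IGNORECASE),
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def scan_image_config(config):
    """Return (location, rule) findings for secrets baked into an image.

    Two places persist in image metadata regardless of later layers:
    config.Env (ENV instructions still active at runtime) and
    history[].created_by (every Dockerfile instruction that built a layer).
    A later `rm` of a credential file does not erase either of them.
    """
    locations = [("config.Env", e)
                 for e in config.get("config", {}).get("Env", [])]
    locations += [(f"history[{i}].created_by", h.get("created_by", ""))
                  for i, h in enumerate(config.get("history", []))]
    findings = []
    for where, text in locations:
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(text):
                findings.append((where, rule))
    return findings


# Constructed sample OCI image config; the key and password are fake.
SAMPLE_CONFIG = json.loads("""
{
  "config": {"Env": [
    "PATH=/usr/local/bin:/usr/bin:/bin",
    "AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000000",
    "DB_PASSWORD=hunter2"
  ]},
  "history": [
    {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
    {"created_by": "/bin/sh -c #(nop) ENV DB_PASSWORD=hunter2"},
    {"created_by": "/bin/sh -c rm /root/.aws/credentials"}
  ]
}
""")

if __name__ == "__main__":
    for where, rule in scan_image_config(SAMPLE_CONFIG):
        print(f"{where}: {rule}")
```

The third history entry shows the failure mode the lesson warns about: removing a credential file in a later layer leaves the earlier ENV and history records, and the secret with them, in the published image.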
