Course by  Constanze Roedig and Peter Rossbach

Bill of Behaviour - introducing runtime profiles to supply chain security

#supplychain #oci #ebpf #anomaly #behaviour

We all need BoB - Dont take my word for it- Try it for yourself This reference implementation is to showcase how to record a known benign behaviour, extract it, attach it to a signed OCI artefact, ingest it as a client, verify it and use it as base to detect malicious behaviour.

Bill of Behaviour - introducing runtime profiles to supply chain security (cover image)

About This Course

We ❤ supply chain security, thus people invented SBOM: the Bill of Materials. Now, here comes the Bill of Behaviour BoB...

This "course" is currently WIP by Constanze and it's to be understood as a public co-lab for creating a reference implementation (like a devcontainer but with instructions and text) and you are invited to try it out and give her feedback, you can also become a co-author. It is not a "course"

Please note, that feedback both on the idea of BoB as well as the implementation (in this lab) are welcome starting Thursday April 17. It is still very alpha, at the moment we re focusing on the big ideas with the goal of this being acceptable as a standard (i.e. any tool choices should be optional), by as many vendors and users as possible.

You can contribute to the wiki in this kubescape fork.

The source code of this course is in https://github.com/k8sstormcenter/ixi and the content (like k0s config, kubescape config) is here: https://github.com/k8sstormcenter/honeycluster

What's Inside?

Enroll in course

Get notified about new lessons straight to your inbox!

How to Author Courses on iximiuz Labs

Instead of providing a subpar online editing experience, iximiuz Labs offers a helper CLI tool called labctl, allowing you to use your favorite text editor (or a full-featured IDE) to write content from the comfort of your local machine.

Install labctl CLI

curl -sf https://labs.iximiuz.com/cli/install.sh | sh

This will download and install the latest version of the labctl CLI. You only need to do this once per workstation.

Authorize labctl

labctl auth login

This will open a browser window asking you to authorize labctl to access your account. You need to do it after a fresh install of labctl and repeat it whenever the auth session expires.

Pull course content

labctl content pull course bill-of-behaviour-c070da3a

This will create a local copy of the course content in a directory named bill-of-behaviour-c070da3a. You only need to do this once per course.

Stream your changes

labctl content push -fw course bill-of-behaviour-c070da3a

Run this command in a separate terminal to continuously upload your changes to the server while editing the course in your favorite text editor or IDE.

You can also use labctl to create, list, and delete your content. Learn more about the available commands: labctl content --help