Containers from scratch

Running a rootless container in a few lines of Go code with just linux syscalls

Grumpy: Cosign Validator

Runs as validating admission controller to verify integrity of images

Harbor Enhanced Logging

Improving the security audit logging in Harbor using OpenResty & change of architectural design

Malicious Admission Controller

Kubernetes Admission Controller Webhook Demo