Go to the 'docker-node-hello-world' directory and run the following:

docker build -f Dockerfile -t hello-world:1.0 .
docker run -it --rm -p 4000:4000 hello-world:1.0

Now open your browser and go to "http://localhost:4000"

We will use Trivy to scan the image you've created for Vulnerabilities. Follow the documentation to install Trivy. Once done, run the following command:

trivy image hello-world:1.0

You should see many vulnerabilities:

To fix the vulnerabilities we will update the Base Image of the container image, build a new image and scan it. Look at Dockerfile.fixed - it has a newer base image. Let's now build and scan it

docker build -f Dockerfile.fixed -t hello-world:2.0 .
trivy image hello-world:2.0

As you can see - much less vulnerabilities now...

We will use git-secrets to search for secrets inside our code. Follow the documentation to install git-secrets. Once done, run the following commands:

git secrets --add 'password\s*=\s*.+'
git secrets --scan -r *

As you can see - it found a hard-coded password under server.js file:

We will use kube-hunter to run Kubernetes penetration testing. Run the following commands:

kubectl create -f kube-hunter.yaml
kubectl get pods
kubectl logs <kube-hunter pod name>

You will see the various tests that kube-hunter performs and their findings.

We will use tracee for runtime security on a Linux environment. Run the following commands:

docker run --name tracee --rm --privileged  -v /lib/modules:/lib/modules -it aquasec/tracee:0.6.0

You can now run a suspecious actions on the host, like:

strace ls

And look at the Tracee logs, which indicates the suspecious event was identified:

docker logs tracee