Proactively looking after security concerns

[fabriciojs]

In the spirit of shifting left security concerns, we should always benefit from putting effort into this matter sooner rather than later.

This is a broad topic that we must see a continuous mission and as always as possible evolve on it.

We could think of:

• Docker images scanning (recently introduced grype on our CI pipeline)
• Add scan preset to be used in projects running with kool.
• Add anti-virus scanning to validate our distributed binaries.
• Proactively check Docker environments for vulnerabilities when running kool (version, firewall settings)

[fabriciojs]

For the anti-virus scanning we could bring to our CI Camav:

• Website: https://www.clamav.net/
• Repo: https://github.com/Cisco-Talos/clamav-devel
• There is even a GH action from the community - https://github.com/djdefi/gitavscan