K8s开源安全平台kubescape实现Pod的安全合规检查镜像漏洞扫描
写在前面生产环境中的 k8s 集群安全不可忽略,即使是内网环境 容器化的应用部署虽然本质上没有变化,始终是机器上的一个进程 但是提高了安全问题的处理的复杂性 分享一个开源的 k8s 集群安全合规检查/漏洞扫描 工具 kubescape 博文内容涉及: kubescape 简介介绍kubescape 命令行工具安装,扫描运行的集群kubescape 在集群下安装,通过 kubescape Clound 可视化查看扫描信息理解不足小伙伴帮忙指正 需要有科学上网环境
对每个人而言,真正的职责只有一个:找到自我。然后在心中坚守其一生,全心全意,永不停息。所有其它的路都是不完整的,是人的逃避方式,是对大众理想的懦弱回归,是随波逐流,是对内心的恐惧 ——赫尔曼·黑塞《德米安》 简单介绍k8s 安全问题不可忽略
镜像的不可变性使我们能够方便地部署、测试和发布镜像到其他环境,这是一个很大的优势,但也带来了潜在的风险:镜像及其依赖在过时或者被弃用时,无法自动更新或打新的安全补丁,尤其一些基础镜像,重新做镜像,需要依赖一些厂商,或者开源项目 team 来维护。
RedHat 在 2022 年 Kubernetes 安全报告中对 300 多名 DevOps、工程和安全专业人士进行了调查,发现对 容器安全威胁的担忧以及对容器安全投资的缺乏 是 31% 的受访者对容器策略最普遍的担忧。
支持这些担忧的是 93% 的受访者在过去 12 个月内在其 Kubernetes 环境中经历过至少一次安全事件,这些事件有时会导致收入或客户流失。超过一半的受访者 (55%) 在过去一年中还因为安全问题而不得不推迟应用程序的推出。
尽管媒体广泛关注网络攻击,但该报告强调, 实际上是错误配置让 IT 专业人员彻夜难眠 。Kubernetes 是高度可定制的,具有可以影响应用程序安全状况的各种配置选项。因此,受访者最担心的是容器和 Kubernetes 环境中的错误配置导致的风险暴露 (46%) —— 几乎是对攻击的担忧程度 (16%) 的三倍。尽可能自动化配置管理有助于缓解这些问题,因此安全工具 —— 而不是人类 —— 提供了帮助开发人员和 DevOps 团队更安全地配置容器和 Kubernetes 的护栏。
以上内容来自:Redhat Blog(The State of Kubernetes Security in 2022) Kubescape 简单介绍
Kubescape 是一个开源的 Kubernetes 安全平台。它的功能包括 风险分析 、安全合规性 和 错误配置扫描 。针对 DevSecOps 从业者或平台工程师,提供易于使用的 CLI 界面、灵活的输出格式和自动扫描功能。同时对于小集群提供了免费的 在线 面板工具,它为 Kubernetes 用户和管理员节省了宝贵的时间、精力和资源。
Kubescape 可以扫描运行的集群、静态 YAML 文件和 本地 Helm Charts。它根据多个框架(包括 NSA-CISA、MITRE ATT&CK®和CIS Benchmark )检测错误配置。
Kubescape 由 ARMO 创建,是一个 Cloud Native Computing Foundation (CNCF) 沙盒项目。
Kubescape 如果小伙伴觉得重的话, kubectl 有一个类似的插件,个人十分推荐,叫做 kube-score ,很轻量,也可以做一些简单的合规性扫描。但是只有扫描合规性的提示,没有规范出处。Kubescape 安装
当前的集群信息 ┌──[root@vms100.liruilongs.github.io]-[~] └─$kubectl get nodes NAME STATUS ROLES AGE VERSION vms100.liruilongs.github.io Ready control-plane 8d v1.25.1 vms101.liruilongs.github.io Ready control-plane 8d v1.25.1 vms102.liruilongs.github.io Ready control-plane 8d v1.25.1 vms103.liruilongs.github.io Ready 8d v1.25.1 vms105.liruilongs.github.io Ready 8d v1.25.1 vms106.liruilongs.github.io Ready 8d v1.25.1 vms107.liruilongs.github.io Ready 8d v1.25.1 vms108.liruilongs.github.io Ready 8d v1.25.1 ┌──[root@vms100.liruilongs.github.io]-[~] └─$
集群节点信息 ┌──[root@vms100.liruilongs.github.io]-[~] └─$hostnamectl Static hostname: vms100.liruilongs.github.io Icon name: computer-vm Chassis: vm Machine ID: e93ae3f6cb354f3ba509eeb73568087e Boot ID: a1150b6d97dc4afbb81dae58f131a487 Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 5.4.230-1.el7.elrepo.x86_64 Architecture: x86-64 ┌──[root@vms100.liruilongs.github.io]-[~] └─$
Kubescape 命令行工具安装 Kubescape CLI 安装
通过下面的方式自动安装 curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
如果没有科学上网,找一台可以访问的集群,下载 install.sh 文件,按照下面方式修改,获取 curl 命令,自行下载。 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$vim install.sh ....... # curl --progress-bar -L $DOWNLOAD_URL -o $OUTPUT echo "curl --progress-bar -L $DOWNLOAD_URL -o $OUTPUT" exit 1 ...
运行 shell,获取下载命令,找有网的机器下载 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$sh install.sh Installing Kubescape... curl --progress-bar -L https://github.com/kubescape/kubescape/releases/latest/download/kubescape-ubuntu-latest -o /root/.kubescape/kubescape
上传到指定位置 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$ls install.sh kubescape-ubuntu-latest ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$mv kubescape-ubuntu-latest /root/.kubescape/kubescape mv:是否覆盖"/root/.kubescape/kubescape"? y ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$
修改脚本,再次运行。 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$vim install.sh # exit 1 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$sh install.sh Installing Kubescape... curl --progress-bar -L https://github.com/kubescape/kubescape/releases/latest/download/kubescape-ubuntu-latest -o /root/.kubescape/kubescape Finished Installation. Your current version is: v2.0.183 [git enabled in build: true] Usage: $ kubescape scan --enable-host-scan
到这里 ,kubescape 命令行工具即安装成功,扫描当前运行的集群可以运行如下命令。 ┌──[root@vms100.liruilongs.github.io]-[~/ansible] └─$kubescape scan --enable-host-scan --format html --output results.html --verbose [info] Kubescape scanner starting [info] Installing host scanner [info] Downloading/Loading policy definitions [success] Downloaded/Loaded policy [info] Accessing Kubernetes objects [success] Accessed to Kubernetes objects [info] Requesting images vulnerabilities results [success] Requested images vulnerabilities results [info] Requesting Host scanner data [info] Host scanner version : v1.0.39 ◑[error] failed to get data. path: /controlPlaneInfo; podName: host-scanner-xshr6; error: the server could not find the requested resource (get pods http:host-scanner-xshr6:7888) ◒[error] failed to get data. path: /controlPlaneInfo; podName: host-scanner-4tgnp; error: the server could not find the requested resource (get pods http:host-scanner-4tgnp:7888) ....... [success] Done scanning. Cluster: kubernetes-admin-kubernetes ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ################################################################################ ApiVersion: hostdata.kubescape.cloud/v1beta0 Kind: KubeletInfo Name: vms105.liruilongs.github.io Controls: 21 (Failed: 6, Excluded: 0) +----------+--------------------------------+------------------------------------+------------------------+ | SEVERITY | CONTROL NAME | DOCS | ASSISTANT REMEDIATION | +----------+--------------------------------+------------------------------------+------------------------+ | High | CIS-4.1.7 Ensure that the | https://hub.armosec.io/docs/c-0168 | | | | certificate authorities file | | | | | permissions are set to 600 or | | | | | more restrictive | | | + +--------------------------------+------------------------------------+------------------------+ | | CIS-4.1.9 If the kubelet | https://hub.armosec.io/docs/c-0170 | | | | config.yaml configuration | | | | | file is being used validate | | | | | permissions set to 600 or more | | | | | restrictive | | | +----------+--------------------------------+------------------------------------+------------------------+ ........ +----------+--------------------------------+------------------------------------+------------------------+ | Low | CIS-4.2.6 Ensure that the | https://hub.armosec.io/docs/c-0177 | protectKernelDefaults | | | --protect-kernel-defaults | | | | | argument is set to true | | | + +--------------------------------+------------------------------------+------------------------+ | | CIS-4.2.7 Ensure that the | https://hub.armosec.io/docs/c-0178 | makeIPTablesUtilChains | | | --make-iptables-util-chains | | | | | argument is set to true | | | +----------+--------------------------------+------------------------------------+------------------------+ ################################################################################ ApiVersion: v1 Kind: Namespace Name: kubescape Controls: 18 (Failed: 17, Excluded: 0) +----------+--------------------------------+------------------------------------+----------------------------------------------------------------+ | SEVERITY | CONTROL NAME | DOCS | ASSISTANT REMEDIATION | +----------+--------------------------------+------------------------------------+----------------------------------------------------------------+ | High | CIS-5.2.11 Minimize the | https://hub.armosec.io/docs/c-0202 | metadata.labels[pod-security.kubernetes.io/enforce]=baseline | | | admission of Windows | | | | | HostProcess Containers | | | + +--------------------------------+------------------------------------+ + | | CIS-5.2.2 Minimize the | https://hub.armosec.io/docs/c-0193 | | | | admission of privileged | | | | | containers | | | +----------+--------------------------------+------------------------------------+----------------------------------------------------------------+ | Medium | CIS-5.2.1 Ensure that | https://hub.armosec.io/docs/c-0192 | metadata.labels[pod-security.kubernetes.io/enforce]=YOUR_VALUE | | | the cluster has at least | | | | | one active policy control | | | | | mechanism in place | | | + +--------------------------------+------------------------------------+----------------------------------------------------------------+ ....... .......... ################################################################################ ApiVersion: hostdata.kubescape.cloud/v1beta0 Kind: ControlPlaneInfo Name: vms102.liruilongs.github.io Controls: 25 (Failed: 1, Excluded: 0) +----------+--------------------------------+------------------------------------+-----------------------+ | SEVERITY | CONTROL NAME | DOCS | ASSISTANT REMEDIATION | +----------+--------------------------------+------------------------------------+-----------------------+ | High | CIS-1.1.20 Ensure that the | https://hub.armosec.io/docs/c-0111 | | | | Kubernetes PKI certificate | | | | | file permissions are set to | | | | | 600 or more restrictive | | | +----------+--------------------------------+------------------------------------+-----------------------+ ################################################################################ ApiVersion: apps/v1 Kind: Deployment Name: local-path-provisioner Namespace: local-path-storage Controls: 35 (Failed: 18, Excluded: 0) ... ........ ......
输出的合规信息和漏洞信息。
异常问题
我在 kubescape 多次次扫描中,集群因部分节点因为端口问题,无法发生调度,节点上的 kubescape 对于的 pod 无法自行删除,如果上一次扫描的 pod 或则 ns 没有删除,那么下一次的扫描无法进行,之前创建的 pod 和 ns 状态一直为 Terminating , 解决办法需要 对命名空间进行彻底删除。
这里执行完命令会进入阻塞状态。 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubevirt] └─$kubectl delete ns kubescape-host-scanner namespace "kubescape-host-scanner" deleted
运行脚本删除 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/k8s_shell_secript] └─$cat delete_namespace.sh #!/bin/bash coproc kubectl proxy --port=30990 & if [ $# -eq 0 ] ; then echo "后面加上你所要删除的ns." exit 1 fi kubectl get namespace $1 -o json > logging.json sed -i "/"finalizers"/{n;d}" logging.json curl -k -H "Content-Type: application/json" -X PUT --data-binary @logging.json http://127.0.0.1:30990/api/v1/namespaces/${1}/finalize kill %1 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/k8s_shell_secript] └─$sh delete_namespace.sh kubescape-host-scanner
也可以离线运行 Kubescape ,时间网络原因,这里不做分享,有需要的小伙伴可以到 github 上的项目地址查看详细信息。一些其他的用法
扫描正在运行的 Kubernetes 集群: kubescape scan --enable-host-scan --verbose
使用替代的 kubeconfig 文件: kubescape scan --kubeconfig cluster.conf
扫描特定的命名空间: kubescape scan --include-namespaces development,staging,production
排除某些命名空间: kubescape scan --exclude-namespaces kube-system,kube-public
部署前扫描本地 YAML/JSON 文件: kubescape scan *.yaml ┌──[root@vms100.liruilongs.github.io]-[~/ansible/helm] └─$kubescape scan --enable-host-scan kube-prometheus-stack.yaml --format html --output resout.html [info] Kubescape scanner starting [warning] in setContextMetadata. case: git-url; error: repository host "gitee.com" not supported [info] Downloading/Loading policy definitions [success] Downloaded/Loaded policy [info] Accessing local objects [success] Done accessing local objects [info] Scanning GitLocal [success] Done scanning GitLocal ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Controls: 55 (Failed: 31, Excluded: 0, Skipped: 0) Failed Resources by Severity: Critical — 0, High — 34, Medium — 151, Low — 24 +----------+--------------------------------------------------------------------------------------------+------------------+--------------------+---------------+--------------+ | SEVERITY | CONTROL NAME | FAILED RESOURCES | EXCLUDED RESOURCES | ALL RESOURCES | % RISK-SCORE | +----------+--------------------------------------------------------------------------------------------+------------------+--------------------+---------------+--------------+ | High | Resources memory limit and request | 7 | 0 | 7 | 100% | | High | Resource limits | 7 | 0 | 7 | 100% | | High | List Kubernetes secrets | 4 | 0 | 7 | 57% | … | Medium | Allow privilege escalation | 6 | 0 | 7 | 86% | | Medium | Ingress and Egress blocked | 7 | 0 | 7 | 100% | … | Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | 1 | 0 | 7 | 14% | | Medium | CIS-5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions | 7 | 0 | 7 | 100% | | Medium | CIS-5.7.4 The default namespace should not be used | 56 | 0 | 61 | 92% | | Low | Immutable container filesystem | 6 | 0 | 7 | 86% | | Low | Configured readiness probe | 5 | 0 | 7 | 71% | | Low | Malicious admission controller (validating) | 1 | 0 | 1 | 100% | | Low | Pods in default namespace | 7 | 0 | 7 | 100% | | Low | Naked PODs | 1 | 0 | 1 | 100% | | Low | Label usage for resources | 3 | 0 | 7 | 43% | | Low | K8s common labels usage | 1 | 0 | 7 | 14% | +----------+--------------------------------------------------------------------------------------------+------------------+--------------------+---------------+--------------+ | | RESOURCE SUMMARY | 66 | 0 | 72 | 43.26% | +----------+--------------------------------------------------------------------------------------------+------------------+--------------------+---------------+--------------+ FRAMEWORKS: ArmoBest (risk: 33.51), cis-v1.23-t1.0.1 (risk: 62.75), DevOpsBest (risk: 61.72), AllControls (risk: 36.46), MITRE (risk: 11.79), NSA (risk: 33.74) [success] Scan results saved. filename: resout.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan results have not been submitted: run kubescape with the "--account" flag For more details: https://hub.armosec.io/docs/installing-kubescape?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Run with "--verbose"/"-v" flag for detailed resources view ┌──[root@vms100.liruilongs.github.io]-[~/ansible/helm] └─$l
从 Git 存储库扫描 Kubernetes 清单文件: kubescape scan https://github.com/kubescape/kubescape
扫描 Helm 图表,kubescape 将加载默认的 VALUES 文件。 kubescape scan
扫描 Kustomize 目录,Kubescape 将使用 kustomize 文件生成 Kubernetes YAML 对象并扫描它们以确保安全。 kubescape scan
使用 NSA 框架扫描正在运行的 Kubernetes 集群: kubescape scan framework nsa
使用 MITRE ATT&CK® 框架扫描正在运行的 Kubernetes 集群: kubescape scan framework mitre
使用控件名称或控件 ID 扫描特定控件。请参阅控件列表。 kubescape scan control "Privileged container" 指定报告输出格式
JSON: kubescape scan --format json --format-version v2 --output results.json
XML: kubescape scan --format junit --output results.xml
PDF: kubescape scan --format pdf --output results.pdf
普罗米修斯指标: kubescape scan --format prometheus
HTML kubescape scan --format html --output results.html
显示所有扫描到的资源(包括通过的资源): kubescape scan --verbose Kubescape 在集群下安装
Kubescape 也可以在集群下安装,通过集群安装,可以在 cloud 里的 UI 界面查看具体扫描信息,集群中安装 Kubescape,先决条件 确保您拥有 Kubescape Cloud 帐户——如果没有,请在此处注册 您需要拥有对集群的安装权限(您应该能够创建 Deployments、CronJobs、ConfigMaps 和 Secrets) 你必须有 Kubectl 和 Helm
集群要求 Kubescape 运算符组件至少需要 400Mib RAM 和 400m CPU
具体的安装可以参考下的教程: 需要注册 Kubescape Cloud,并且 只有的工作节点小于 10 个的时候才免费 。
https://hub.armosec.io/docs/installation-of-armo-in-cluster#install-a-pre-registered-cluster
注册登录
这里登录完会弹出一个安装部署,安装安装部署安装即可
添加 Helm 源,并更新 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$helm repo add kubescape https://kubescape.github.io/helm-charts/ "kubescape" has been added to your repositories ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$helm repo update Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "rancher-stable" chart repository ...Successfully got an update from the "botkube" chart repository ...Successfully got an update from the "awx-operator" chart repository ...Successfully got an update from the "kubescape" chart repository Update Complete. ⎈Happy Helming!⎈
运行 charts ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$helm upgrade --install kubescape kubescape/kubescape-cloud-operator -n kubescape --create-namespace --set account=97f09924-0c06-42e4-bdad-5b333321af77 --set clusterName=`kubectl config current-context` Release "kubescape" does not exist. Installing it now. ......... ...................... NAME: kubescape LAST DEPLOYED: Sat Feb 4 10:03:36 2023 NAMESPACE: kubescape STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Thank you for installing kubescape-cloud-operator version 1.9.5. In a few minutes your scan results will be available in the following link: https://cloud.armosec.io/config-scanning/kubernetes-admin-kubernetes You can see and change the values of your"s recurring configurations daily scan in the following link: https://cloud.armosec.io/settings/assets/clusters/scheduled-scans?cluster=kubernetes-admin-kubernetes > kubectl -n kubescape get cj kubescape-scheduler -o=jsonpath="{.metadata.name}{" "}{.spec.schedule}{" "}" You can see and change the values of your"s recurring images daily scan in the following link: https://cloud.armosec.io/settings/assets/images > kubectl -n kubescape get cj kubevuln-scheduler -o=jsonpath="{.metadata.name}{" "}{.spec.schedule}{" "}" See you!!! ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$
运行完成,安装提示操作,点击刚才注册生成的页面。
验证 Kubescape 在集群中运行状态 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$kubectl -n kubescape get deployments.apps NAME READY UP-TO-DATE AVAILABLE AGE gateway 1/1 1 1 19m kubescape 1/1 1 1 19m kubevuln 1/1 1 1 19m operator 1/1 1 1 19m
kubescape 会定期扫描 ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$kubectl get cronjobs.batch -n kubescape NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE kubescape-scheduler 21 3 * * * False 0 20m kubevuln-scheduler 13 22 * * * False 0 20m ┌──[root@vms100.liruilongs.github.io]-[~/ansible/kubescape] └─$
在登录的主页中可以看到集群和第一次扫描结果
安全合规性扫描信息
可以通过不同的维度来看
合规性的维度查看
集群 Pod/Deploy 的维度查看
具体的 合规配置信息查看
漏洞扫描
关于 kubescape 和小伙伴分享到这里,时间关系,没有深入太多。偶尔听大佬谈到,所以研究一下,有需要的小伙伴快去尝试吧。博文部分内容参考
文中涉及参考链接内容版权归原作者所有,如有侵权请告知
https://github.com/kubescape/kubescape
https://www.redhat.com/en/blog/state-kubernetes-security-2022-1
https://betterprogramming.pub/image-vulnerability-scanning-for-optimal-kubernetes-security-c3ba933190ef
https://hub.armosec.io/docs/installation-of-armo-in-cluster#install-a-pre-registered-cluster
© 2018-2023 liruilonger@gmail.com,All rights reserved. 保持署名-非商用-自由转载-相同方式共享(创意共享 3.0 许可证)
四向穿梭车助力企业打造高密集柔性化的立体仓库系统四向穿梭车立体仓库海胜智能装备自动化立体仓库,主要由立体货架存取设备输送系统软件控制管理系统等组成,是现代企业仓储物流中心的重要设施,具有节约占地提高储存效率增强仓库管理及时性和准
小米米家恒温电水壶2Pro今晚开售,配备水温显示屏IT之家11月7日消息,小米又上线了一款水壶新品,米家恒温电水壶2Pro宣布将于明日0点线上开售,届时将公布价格和配置信息。根据官方海报,小米米家恒温电水壶2Pro号称全面旗舰的六
联发科天玑9200将于11月8日发布旗舰定位,对标高通骁龙8Gen2今年的安卓新一代旗舰处理器来得比往年都要快,高通在前些日子官宣2022高通骁龙峰会将于11月16日举行,届时高通全新一代旗舰SOC骁龙8Gen2移动平台将正式亮相,而作为竞争对手的
百里追光,小鹏G9极限能耗如何?HI大家好,我是大包子狸。前几天发了一篇全网速度领先!小鹏G9高速光电续航成绩来啦!,对小鹏G9的能耗进行了从905的光电测试,结果在绝对平均速度100的情况下,标准模式可以跑到八
华为麒麟芯片欲火回归,官方回应不实现在华为发布的手机,大多采用的是高通骁龙4G处理器,自家的麒麟芯片由于受到制裁的原因,迟迟不能采用,也不能发布。近日有数码博主爆料称,明年会有麒麟芯片回归,而且现在进度还算顺利,流
赚钱快,还有保底收入?缴了3万多运营费后琼海近百人疑被骗新海南客户端南海网南国都市报记者苏桂除文图跨境电商运营赚钱快又有保底收入?11月3日琼海市嘉积镇的王女士来到琼海市公安局城北派出所报案称自己给一公司负责人缴了3。56万元运营费两个
连续并购商誉高企长晶科技闯关创业板每经记者朱成祥每经编辑杨,夏日前,长晶科技递交的招股书获受理,拟赴创业板上市。据了解,长晶科技主要业务由收购而来,且均源自国内封测龙头长电科技(SH600584,股价24。19元,
特斯拉最牛SUV首发!2。1秒破百,价格心动吗?11月5日,特斯拉新款ModelSPlaidModelXPlaid在第五届中国国际进口博览会首发。两车均搭载三电机驱动系统,其中ModelSPlaid零百加速为品牌最快,仅需2。1
PLC300(400)PLC数据的方法PLCRecorder收听模式里的高速功能可以接收PLC高速发出的数据电文,文章PLCRecorder以2ms的速度采集西门子S71500PLC数据的方法里描述了S71200150
热点透视充分发挥科技特派团作用白玉芹推动县域经济提质增效,创新是关键,人才是重点。科技特派团可以有效推动科技人才下沉,解决企业科技难题,激发市场主体创新活力。全省经济工作推进会议强调,充分发挥科技特派团作用,培
全球变暖紧急呼吁采取行动,保护健康如果您是自然(Nature)或科学(Science)的忠实读者,会发现有越来越多的警告称,一些人类赖以生存的重要地球系统正在加速崩溃。自1997年以来,南极冰架的面积已经缩小了近2