Tackling the Container Iceberg:How to approach security when most of your software comes from the community
Melden
WhiteSourceFolgen
31. Mar 2020•0 gefällt mir•85 views
Tackling the Container Iceberg:How to approach security when most of your software comes from the community
31. Mar 2020•0 gefällt mir•85 views
Downloaden Sie, um offline zu lesen
Melden
Software
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these? Join Codefresh and WhiteSource, as they embark on a journey to tackle: The container iceberg - learn what are your blind spots The main security challenges when using open source in containerized applications The role of automation in open source security in containers A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline
WhiteSourceFolgen
Recomendados
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your RiskWhiteSource
Empowering Financial Institutions to Use Open Source With ConfidenceWhiteSource
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps WhiteSource
The Challenges of Scaling DevSecOpsWhiteSource
Open Source Security: How to Lay the Groundwork for a Secure CultureWhiteSource
Open Source Security at Scale- The DevOps Challenge WhiteSource
Más contenido relacionado
Was ist angesagt?
The State of Open Source Vulnerabilities ManagementWhiteSource
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource
PIACERE - DevSecOps AutomatedPIACERE
The New Security Playbook: DevSecOpsJames Wickett
DevSecOps The Evolution of DevOpsMichael Man
Similar a Tackling the Container Iceberg:How to approach security when most of your software comes from the community
Tackling the Container Iceberg: How to Approach Security When Most of Your So...DevOps.com
Barriers to Container Security and How to Overcome ThemWhiteSource
Webinar: Does Object Storage Make Sense for Backups?Storage Switzerland
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource
From Zero to Hero: Continuous Container Security in 4 Simple StepsDevOps.com
Webinar: 5 Reasons Primary Cloud Storage is Broken and How to Fix themStorage Switzerland
Similar a Tackling the Container Iceberg:How to approach security when most of your software comes from the community(20)
Más de WhiteSource
Securing Container-Based Applications at the Speed of DevOpsWhiteSource
Deep Dive into Container SecurityWhiteSource
Fire alarms vs. Fire hoses: Keeping up with DependenciesWhiteSource
DevSecOps: Closing the Loop from Detection to RemediationWhiteSource
Winning open source vulnerabilities without loosing your deveopers - Azure De...WhiteSource
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...WhiteSource
Último
Towards Safe Automated Refactoring of Imperative Deep Learning Programs to Gr...Raffi Khatchadourian
RPA for Finance and Accountingessindiaseo
Empowering Advanced Users: Extending OutSystems UI Framework with Openness an...Bernardo Cardoso
Melbourne MUG - September 2023JayJiang19
Climate Impact of Software TestingKari Kakkonen
Ecological Impact of Native vs. Cross-Platform Mobile Apps: a Preliminary StudyOlivier Le Goaër
Tackling the Container Iceberg:How to approach security when most of your software comes from the community
- 1. 1 Tackling the Container Iceberg: How to approach security when most of your software comes from the community
- 2. 2 THE CONTAINER LIFECYCLE Build RunShip
- 3. 3 THE CONTAINER IMAGES LAYERS
- 4. 4 LET’S START WITH THE OBVIOUS QUESTIONS ▪ Do you use a private registry? ▪ When using a public registry, are the images signed? ▪ Are you running the containers with a root user?
- 5. 5 WHAT ABOUT THE REAL BLIND SPOTS OF USING CONTAINERS?
- 6. THE CHALLENGES OF OPEN SOURCE USAGE Reported Vulnerabilities Are Rising Less Time To Fix
- 7. 7 SECURITY SHOULD BE A BIG CONSIDERATION
- 8. 8 WHAT CAN HELP YOU GAIN VISIBILITY?
- 9. 9 INFUSING SECURITY INTO THE SDLC IS VITAL
- 10. 10 THE QUESTION IS, HOW SOON IN THE SDLC? PLAN CODE BUILD MAINT.DEPLOY
- 11. 11 THE EARLIER, THE CHEAPER AND EASIER TO FIX Coding $80/Defect Build $240/Defect QA & Security $960/Defect Production $7,600/Defect The cost of fixing security and quality issues is rising significantly, as the development cycle advances.
- 12. 12 66% of companies have already implemented application testing during or even pre-build stage. In what stage of the SDLC do you spend most of your time implementing security measures? HOW ARE OTHER COMPANIES HANDLING IT?
- 13. CODEFRESH SLIDES TO ADD???
- 15. Thank You! 15