Auto-Cascading Security Updates Through Docker Images

•

0 likes•64 views

Suppose all of your docker images have a security vulnerability, now how do you force a rebuild of these images? How do you deploy the new images without breaking things? In this talk, you’ll learn how to push and audit cascading security updates to hundreds of docker images. All of the tooling we will use is open source so you can easily take advantage of it. You will also learn how to integrate the cascading updates into your Jenkins CI/CD system which enables performing a verified cascade in the correct order.

Technology

ANDREY FALKO - SEPTEMBER 2018
Auto-Cascading
SecurityUpdates
ThroughDocker
Images

Agenda
• The Problem
• Solution
• Live Demo
• Challenges
• Conclusion

Security Researcher
Vulnerability
Code Change
Public Disclosure
Distribution Package
OS Base Image
Python Base Image
Java Base Image
Node Base Image
Application Image
Application Image
Application Image
Application Image

The Problem
Order Matters
OS Base Image Java Base Image Application Image

The Problem
Race Against Time
Vulnerabilities disclosed on a daily basis
The longer you take to update, the longer you are vulnerable

The Problem
Cost
Why not rebuild continuously?

Dockerfile Image Update
Command line tool developed at Salesforce
Designed to be invoked by Jenkins
Open sourced!
https://goo.gl/VQXBXk

Dockerfile Image Update
Scans GitHub for all images that use the parent image
Parent Image: The image name you have just built
Version: The version of the image
Persistance Repo: GitHub repository that contains mapping of image names to desired version
# dockerﬁle-image-update parent <parent image> <version> <persistance repo>

Dockerfile Image Update
Example usage
# dockerﬁle-image-update parent centos_jdk 10 image-tag-store

$Dockerfile Image Update What is in image-tag-store? { "images": { "centos": "7.2-123", "centos_jdk": "10" } }$

Dockerfile Image Update
When do we use it?
For every image in image-tag-store:
Recreate pull requests for images not on intended versions
Run at speciﬁc time cadence
# dockerﬁle-image-update all image-tag-store

LiveDemo
• https://jenkins.afalko.net/jenkins 
• Demo script
- Scan shows images all have vulnerability caused by base OS
- Pull request made to fix base image
- Pull request merged and children updated
- Vulnerability fixed for all images!

Control Over Build
What if you don’t control CI for parent?
FROM ubuntu:latest

Image Versioning
What if you don’t control image versioning?

Intermediate Repository
Remap external image to internal
FROM ubuntu:latest
FROM internal-registry/ubuntu:ca6254c

Time-based Builds
Build at a set cadence

Detect Updated Tags
Track image digests
LATEST 
2f9d158

Unmerged Pull Requests
What if your service owners don’t merge the PRs?

Takeaways
Automate routine security patching
Test before merge
Take extra steps with public images

Further Improvements
Users and Contributors Welcome!
https://goo.gl/VQXBXk
Feature wishlist
Auto-merge support
Maven Spotify plugin support
Update docker-compose and Kubernetes pod.yaml
Expand to other packaging types
Auto-detect changes of image tags
Bitbucket and Gitlab support

Acknowledgements
Thank you!
Min Ho Park: Salesforce intern that wrote initial version of dockerﬁle-image-update
Engineers who helped on design, ﬁxes, features, and production support at Salesforce:
Justin Harringa
Nelson Wolf
Jinesh Doshi
Lyft productivity team who built and designed similar tooling at Lyft:
Ryan Lane
Aneesh Agrawal
Brian Witt

Thank you
SEPTEMBER 2018
https://goo.gl/VQXBXk
Andrey Falko <afalko@lyft.com>

What's hot

Keeping Your CI/CD Pipeline as Fast as It Needs to Be

Abraham Marin-Perez

Continuous Integration, Build Pipelines and Continuous Deployment

Christopher Read

How do you implement Continuous Delivery? Part 3: All about Pipelines

Thoughtworks

WSO2 IoTS Device Manufacturer Guide

hugo lu

This talk describes how we use a scaled approach for CI/CD. The system is set up for iOS and Android Apps but many of the concepts presented are applicable for any type of application. We will cover the different pipeline stages a change goes through, how we automate many levels of testing, treat our CI infrastructure as code, which key metrics we use and we track them on dashboards. All this demonstrates how we can get close to Continuous Delivery for platforms still ruled by App stores.

CI/CD for mobile at HERE

Stefan Verhoeff

Continuous Integration 101

John Ferguson Smart Limited

Continuous delivery applied

Mike McGarr

Introduction To Continuous Integration

Christopher Read

Continuous integration with Jenkins

Mohammad Hossein Rimaz

One of the challenges faced by many web development based projects is the integration of source code for multiple releases during parallel development. The task to build and test the multiple versions of source code can eat out the quality time and limit the efficiency of the development/QA team. The case study focuses to resolve the issues of extensive effort consumed in build and deployment process from multiple branches in source repository and aim at Identification of source code integration issues at the earliest stage. This can further be enhanced to limit the manual intervention by integration of build system with test automation tool. The above can be achieved by using different CI tools (like Hudson/Bamboo/TeamCity/CruiseControl etc) for continuous build preparation and its integration with any test automation suite. The case study specifies the use of CI-Hudson tool for continuous integration using ANT tool for build preparation and further invoking the automation test suite developed using selenium. It also discusses the limitations and challenges of using such an integration system for testing a web based application deployed on Apache Tomcat server. It also details additional plugins available to enhance such an integration of multiple systems and what can be achieved using the above integration.

Continous Integration: A Case Study

Talentica Software

Continuous Integration at T3CON08

Sebastian Kurfürst

Continous integration

Jeremy Wilken

Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...

CloudBees

Jenkins CI

haochenglee

How do you implement Continuous Delivery? Part 4: Automated Testing

Thoughtworks

State of mobile Continuous Delivery at Spotify

Mobile Delivery Days

Continuous Integration (CI) - An effective development practice

Dao Ngoc Kien

Dev/Test scenarios in DevOps world

Davide Benvegnù

Continuous Integration, Continuous Quality, Continuous Delivery

John Ferguson Smart Limited

Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share best practices (including ones followed internally at Amazon) and how you can bring them to your company by using open source and AWS services. Speaker: Raghuraman Balachandran, Solutions Architect, Amazon India

Continuous Delivery, Continuous Integration

Amazon Web Services

What's hot (20)

Keeping Your CI/CD Pipeline as Fast as It Needs to Be

Continuous Integration, Build Pipelines and Continuous Deployment

How do you implement Continuous Delivery? Part 3: All about Pipelines

WSO2 IoTS Device Manufacturer Guide

CI/CD for mobile at HERE

Continuous Integration 101

Continuous delivery applied

Introduction To Continuous Integration

Continuous integration with Jenkins

Continous Integration: A Case Study

Continuous Integration at T3CON08

Continous integration

Jumping from Continuous Integration to Continuous Delivery with Jenkins Enter...

Jenkins CI

How do you implement Continuous Delivery? Part 4: Automated Testing

State of mobile Continuous Delivery at Spotify

Continuous Integration (CI) - An effective development practice

Dev/Test scenarios in DevOps world

Continuous Integration, Continuous Quality, Continuous Delivery

Continuous Delivery, Continuous Integration

Similar to Auto-Cascading Security Updates Through Docker Images

DevOps for AI Apps

Richin Jain

Automated testing DrupalCamp in Asheville

Promet Source

This presentation about DevOps will help you understand what is DevOps, how is DevOps different from traditional IT, benefits of DevOps, the lifecycle of DevOps and tools used in DevOps processes. DevOps is one of the most trending IT jobs. It is a collaboration between development and operation teams which enables continuous delivery of applications and services to our end users. However, if you want to become a DevOps engineer, you must have knowledge of various DevOps tools (like Git, Maven, Selenium, Jenkins, Docker, Ansible, Nagios etc.) to achieve automation at each stage which helps in gaining Continuous Development, Continuous Integration, Continuous Testing and Continuous Monitoring in order to deliver a quality product to the client at a very fast pace. Now, let us get started and understand DevOps and does the various DevOps tools work. Below are the topics explained in this DevOps presentation: 1. What is DevOps? 2. Benefits of DevOps 3. Lifecycle of DevOps 4. Tools in DevOps Why learn DevOps? Simplilearn’s DevOps training course is designed to help you become a DevOps practitioner and apply the latest in DevOps methodology to automate your software development lifecycle right out of the class. You will master configuration management; continuous integration deployment, delivery, and monitoring using DevOps tools such as Git, Docker, Jenkins, Puppet, and Nagios in a practical, hands-on and interactive approach. The DevOps training course focuses heavily on the use of Docker containers, a technology that is revolutionizing the way apps are deployed in the cloud today and is a critical skillset to master in the cloud age. After completing the DevOps training course you will achieve hands-on expertise in various aspects of the DevOps delivery model. The practical learning outcomes of this Devops training course are: An understanding of DevOps and the modern DevOps toolsets The ability to automate all aspects of a modern code delivery and deployment pipeline using: 1. Source code management tools 2. Build tools 3. Test automation tools 4. Containerization through Docker 5. Configuration management tools 6. Monitoring tools Who should take this course? DevOps career opportunities are thriving worldwide. DevOps was featured as one of the 11 best jobs in America for 2017, according to CBS News, and data from Payscale.com shows that DevOps Managers earn as much as $122,234 per year, with DevOps engineers making as much as $151,461. DevOps jobs are the third-highest tech role ranked by employer demand on Indeed.com but have the second-highest talent deficit. 1. This DevOps training course will be of benefit the following professional roles: 2. Software Developers 3. Technical Project Managers 4. Architects 5. Operations Support 6. Deployment engineers 7. IT managers 8. Development managers Learn more at https://www.simplilearn.com/cloud-computing/devops-practitioner-certification-training

DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...

Simplilearn

SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps

Pablo Godel

Securing deployment pipeline

Len Bass

Jenkins Evolutions - JEEConf 2012

Anton Arhipov

From JavaZone 2014 Video: https://vimeo.com/105851488 Abstract: App deployment and server setup are complex, error-prone and time-consuming. They require OS installers, package managers, configuration recipes, install and deployment scripts, server tuning, hardening and more. But... Is this really necessary? Are we trapped in a mindset of doing things this way just because that's how they've always done? What if we could start over and radically simplify all this? What if, within seconds, and with a single command, we could wrap our application into the bare minimal machine required to run it? What if this machine could then be transported and run unchanged on our laptop and in the cloud? How do the various tools like Docker and Boxfuse fit into this picture? What are their strengths and weaknesses? When should you use them? This talk is for developers and architects wishing to radically improve and simplify how they deploy their applications. It takes Continuous Delivery to a level far beyond what you've seen today. Welcome to Immutable Server generation. This is the new black.

Immutable Server generation: The new App Deployment

Axel Fontaine

Session at ContainerDay Security 2023 on the 8th of March in Hamburg. The ClusterImageScanner detects images in Kubernetes clusters and provides fast feedback based on security scans. Security scans are for example image lifetime or detection of known vulnerabilities. This talk will give insights into: - The use cases of the ClusterImageScanner - The different scans - The architecture - A live demo The ClusterImageScannerScanner is OpenSource, get it from https://github.com/SDA-SE/cluster-image-scanner/.

Container Security Scanning by Timo Pagel

ContainerDay Security 2023

Container Security Scanning by Timo Pagel

ContainerDay Security 2023

End-to-end testing in complex GitOps environments

Etienne Tremel

Asad Faruqui and Moni Mau say that their old regression automation used to take three-to-four days of execution time as they ran against different browser versions, locales, and currencies. They wanted to make the automation framework more efficient so features could go to market faster. Symantec explored Selenium Grid which could reduce the run time by offering some parallelism, but Asad and Moni wanted even more efficiency. They explain how they created both a framework in which they write modular test classes and an engine that can read test cases from a test repository (XML, database, or XLS sheet) and distribute the execution of these tests on virtualized images based on user requirements. If they don't have enough virtual machines, this creates a queue of outstanding jobs. The engine keeps track of results from execution of these classes, reports to the user when complete, and provides substantial error handling. Asad and Moni present this framework so you can learn from their approach and apply this framework to shorten execution times on regression automation.

Turbocharge Your Automation Framework to Shorten Regression Execution Time

Josiah Renaudin

Symfony Live NYC 2014 - Rock Solid Deployment of Symfony Apps

Pablo Godel

Open Source Compliance for DevOps - OSCON 2017

Bianca Xue Jiang

While Docker has enabled an unprecedented velocity of software production, it is all too easy to spin out of control. A promotion-based model is required to control and track the flow of Docker images as much as it is required for a traditional software development lifecycle. New tools often introduce new paradigms. We will examine the patterns and the anti-patterns for Docker image management, and what impact the new tools have on the battle-proven paradigms of the software development lifecycle. This talk takes it from the point that everybody already understand the need in the CI/CD pipeline and some of the basic techniques are taken for granted. It’s much more about tools, processes and automation.

Patterns & Antipatterns in Docker Image Lifecycle

yoavl

Choosing & building the appropriate infrastructure to run your applications in production can be a daunting task. Typically we revisit previous choices as we approach different scales. In this talk we'll cover the two architectures we've been through at Workday so far and speak about our third major architectural change as we ramp up to larger numbers of servers and users. Topics will include: deployment, configuration management, automation tools, build & test pipelines, immutable infrastructure.

Evolving Infrastructure

louisadunne

Evolving Your Distributed Cache In A Continuous Delivery World: Tyler Vangorder

Redis Labs

Share the continuity of Société Générale's journey with Docker Enterprise from different points of view, from executives to devops, with CD platform as an enabler. Creating a Dockerfile that runs a container on a developer's laptop is pretty straightforward. But extending that to stacks of containers running on a dozen environments (development, integration, testing, staging, production, etc.) with different configuration and topologies can be a challenge. This talk will cover aspects of our journey to Docker Enterprise: What configuration should go in an image? Where to put different types of configuration? Images, environment variables, entrypoint, ...? How to store assets for building images and configuration for deployment in version control. We will discuss how Société Générale has implemented these, and what we plan next for Docker Enterprise deployment.

Configuration Management and Transforming Legacy Applications in the Enterpri...

Docker, Inc.

Continuous Delivery Using Jenkins

Cliffano Subagio

Universal React apps in Next.js

🐕 Łukasz Ostrowski

Java tutorial

shalsmart12

Similar to Auto-Cascading Security Updates Through Docker Images (20)

DevOps for AI Apps

Automated testing DrupalCamp in Asheville

DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...

SymfonyCon Madrid 2014 - Rock Solid Deployment of Symfony Apps

Securing deployment pipeline

Jenkins Evolutions - JEEConf 2012

Immutable Server generation: The new App Deployment

Container Security Scanning by Timo Pagel

End-to-end testing in complex GitOps environments

Turbocharge Your Automation Framework to Shorten Regression Execution Time

Symfony Live NYC 2014 - Rock Solid Deployment of Symfony Apps

Open Source Compliance for DevOps - OSCON 2017

Patterns & Antipatterns in Docker Image Lifecycle

Evolving Infrastructure

Evolving Your Distributed Cache In A Continuous Delivery World: Tyler Vangorder

Configuration Management and Transforming Legacy Applications in the Enterpri...

Continuous Delivery Using Jenkins

Universal React apps in Next.js

Java tutorial

Recently uploaded

MINDCTI Revenue Release Quarter One 2024

MIND CTI

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

ICT role in 21st century education and its challenges

rafiqahmad00786416

Recently uploaded (20)

MINDCTI Revenue Release Quarter One 2024

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

FWD Group - Insurer Innovation Award 2024

Ransomware_Q4_2023. The report. [EN].pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Manulife - Insurer Transformation Award 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

How to Troubleshoot Apps for the Modern Connected Worker

AWS Community Day CPH - Three problems of Terraform

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Why Teams call analytics are critical to your entire business

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Strategies for Landing an Oracle DBA Job as a Fresher

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Artificial Intelligence Chap.5 : Uncertainty

ICT role in 21st century education and its challenges

Auto-Cascading Security Updates Through Docker Images

1. ANDREY FALKO - SEPTEMBER 2018 Auto-Cascading SecurityUpdates ThroughDocker Images

2. Agenda • The Problem • Solution • Live Demo • Challenges • Conclusion

3. TheProblem

4. Security Researcher Vulnerability Code Change Public Disclosure Distribution Package OS Base Image Python Base Image Java Base Image Node Base Image Application Image Application Image Application Image Application Image

5. Security Researcher Vulnerability Code Change Public Disclosure Distribution Package OS Base Image Python Base Image Java Base Image Node Base Image Application Image Application Image Application Image Application Image MANUAL

6. The Problem Order Matters OS Base Image Java Base Image Application Image

7. The Problem Order Matters OS Base Image Java Base Image Application Image

8. The Problem Order Matters OS Base Image Java Base Image Application Image

9. The Problem Race Against Time Vulnerabilities disclosed on a daily basis The longer you take to update, the longer you are vulnerable

10. The Problem Cost Why not rebuild continuously?

11. Solution

12.

13. Developer reviews and merges

14. Dockerfile Image Update Command line tool developed at Salesforce Designed to be invoked by Jenkins Open sourced! https://goo.gl/VQXBXk

15. Dockerfile Image Update Scans GitHub for all images that use the parent image Parent Image: The image name you have just built Version: The version of the image Persistance Repo: GitHub repository that contains mapping of image names to desired version # dockerﬁle-image-update parent <parent image> <version> <persistance repo>

16. Dockerfile Image Update Example usage # dockerﬁle-image-update parent centos_jdk 10 image-tag-store

17. Dockerfile Image Update What is in image-tag-store? { "images": { "centos": "7.2-123", "centos_jdk": "10" } }

18. Dockerfile Image Update When do we use it? For every image in image-tag-store: Recreate pull requests for images not on intended versions Run at speciﬁc time cadence # dockerﬁle-image-update all image-tag-store

19.

20. LiveDemo

21. LiveDemo • https://jenkins.afalko.net/jenkins  • Demo script - Scan shows images all have vulnerability caused by base OS - Pull request made to fix base image - Pull request merged and children updated - Vulnerability fixed for all images!  

22. Challenges

23. Control Over Build What if you don’t control CI for parent? FROM ubuntu:latest

24. Image Versioning What if you don’t control image versioning?

25. Intermediate Repository Remap external image to internal FROM ubuntu:latest FROM internal-registry/ubuntu:ca6254c

26. Time-based Builds Build at a set cadence

27. Detect Updated Tags Track image digests LATEST  2f9d158

28. Unmerged Pull Requests What if your service owners don’t merge the PRs?

29. Conclusion

30. Takeaways Automate routine security patching Test before merge Take extra steps with public images

31. Further Improvements Users and Contributors Welcome! https://goo.gl/VQXBXk Feature wishlist Auto-merge support Maven Spotify plugin support Update docker-compose and Kubernetes pod.yaml Expand to other packaging types Auto-detect changes of image tags Bitbucket and Gitlab support

32. Acknowledgements Thank you! Min Ho Park: Salesforce intern that wrote initial version of dockerﬁle-image-update Engineers who helped on design, ﬁxes, features, and production support at Salesforce: Justin Harringa Nelson Wolf Jinesh Doshi Lyft productivity team who built and designed similar tooling at Lyft: Ryan Lane Aneesh Agrawal Brian Witt

33. Thank you SEPTEMBER 2018 https://goo.gl/VQXBXk Andrey Falko <afalko@lyft.com>

Auto-Cascading Security Updates Through Docker Images

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Auto-Cascading Security Updates Through Docker Images

Similar to Auto-Cascading Security Updates Through Docker Images (20)

Recently uploaded

Recently uploaded (20)

Auto-Cascading Security Updates Through Docker Images