DevSecOps with Confidence

SpringOne 2020
Maria Gabriella Brodi: Sr. Solution Engineer, VMware;
Prasanna Upperi: Senior Platform Architect, VMware


  1. DEVSECOPS WITH CONFIDENCE. Maria Gabriella Brodi @brodimg, Prasanna Upperi @prasannaadn
  2. AGENDA: Problem space; Environment and Tools; Demo; Conclusion
  3. DEVSECOPS: A PERSPECTIVE. Development, Quality Assurance, Operations and Security come together as DevSecOps.
  4. WHY SHOULD WE CARE ABOUT DEVSECOPS?
  5. WHAT DO WE GET FROM DEVSECOPS: Predictable (control over the environment); Traceable (provides auditing); Trusted (scanned and signed artifacts); Consistent (avoids configuration drift).
  6. REFERENCE PIPELINE. Stages: Develop, Test, Build, Scan, Sign, Deploy, Monitor, Validate, ... Activities: Architect; Unit Tests; Code Coverage; Code Scan; Dependencies; BoM; Trusted Sources; CVE Scan; Configuration; Sign; Tag; Publish; Validate signature; Configuration Check; Deployment Strategies; Trusted Artifact.
  7. REFERENCE PIPELINE: SEEDING... The same stages (Develop, Test, Build, Scan, Sign, Deploy, Monitor, Validate, ...) with the activities: Architect; Unit Tests; Integration Tests; Code Coverage; Code Scan; Dependencies; BoM; Trusted Sources; CVE Scan; Configuration; Sign; Tag; Publish; Validate signature; Deployment Strategies; Configuration Check.
  8. STARTING ON A SOLID FOUNDATION: TOOLS AND PRACTICES (Test). Quality and security cannot be injected: they need to be embedded in the code. • TDD • OWASP Top 10 https://owasp.org/ • Spring Cloud Contract • Static Application Security Testing • Code analysis
  9. INTEGRATION TESTS WITH TESTCONTAINERS (Test)
  10. DOCKERFILES DONE WRONG (Build)
  11. SECURITY OF CONTAINERS STARTS WITH A SECURE BASE IMAGE (Build). Control over the bill of materials: • Source code • Dependent libraries • Base OS. Reduce time to rebuild; reuse components; apply CVE.
  12. DOCKERFILES DONE RIGHT (Build)
  13. SECURITY OF CONTAINERS STARTS WITH A SECURE BASE IMAGE (Build). • Based on CNBP • Best practices in each ecosystem • Base images for build and run • Constantly updated
  14. IMAGE SCANNING AND SIGNING (Scan, Sign). • Role-Based Access Control (RBAC) • LDAP/AD Integration • Image Vulnerability Scanning (Clair) • Notary Image Signing • Policy-Based Image Replication • Graphical User Portal & RESTful API • Image Deletion & Garbage Collection • Auditing. Diagram: Clair (scan), Image Registry, Notary (sign), Replication.
  15. MESH SOLUTION FOR MULTI OR HYBRID CLOUD: SERVICE MESH (Deploy, Monitor). Tanzu Service Mesh platform addresses a multitude of connectivity and security use cases in hybrid cloud environments. Global Name Space extends traffic control, security and observability across clusters and IaaS. Global control plane controls many data-plane Istio deployments and manages the lifecycle of Istio from onboarding to Day 2 and Day 3 operations. Security expands workloads' trusted identity across multiple clusters and clouds.
  16. ADDITIONAL TOOLS
  17. DEMO. o Push change to git o Automatic build o Automatic test (JUnit + Testcontainers) o Automatic image scanning + signing o New version rollout (canary style) o Metrics collection o Automatic promotion/rollback
  18. CONCLUSIONS: SHIFT LEFT TO: Reduce risks; Maintain developer speed; Embed compliance in the pipeline's stages; Improve observability; Avoid configuration drifts.
  19. NEXT STEPS FOR A COMPLETE COVERAGE: Tools to manage at scale; Cluster security; System observability
  20. Special thanks: Madhav Sathe @madhav_sathe, Kathy Wan @queenwan
  21. THANK YOU!
