In this webinar, held in collaboration with DevOps.com, WhiteSource's Shiri Ivtsan discussed the main security challenges organizations face when using containers.
6. VMs vs Containers: The Security Aspect
Attack Surface
“The sum of the different points where an unauthorized user can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.”
7. VMs vs Containers: The Security Aspect
▪ Repackaged image
▪ Run as-is
▪ Invisible to most security tools
▪ Automated, fast-moving
▪ Internal host networking
8. Docker Image vs. Docker Container
An image is an inert, immutable file which is essentially a snapshot of a container. Images are created with the build command, and they'll produce a container when started with run. Images are stored in Docker registries.
12. Let’s Start With Some Questions
▪ Do you use a private registry?
▪ When using a public registry, are the images signed?
▪ Do you regularly scan your images?
▪ How quickly are images rebuilt with security fixes?
13. Your Tactics
Step 1: CI/CD Gates
Step 2: Trusted Sources
Step 3: Don’t Use Defaults
Step 4: Manage Deployments
14. Step 1: CI/CD Gates
Integrate security testing into your build and CI process
(Diagram: DevOps cycle of Build, Test, Deploy)
15. Step 1: CI/CD Gates
Use automated policies to fail builds with issues
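One way to implement the Step 1 gate so that it also answers the questions from slide 12 (trusted registry, signed image, scan results, rebuild speed). This is an added example, not code from the webinar or from WhiteSource; the report format, registry name, finding ids and thresholds are constructed assumptions.

```python
import json
import sys

# Hypothetical policy: registry name and thresholds are assumptions for this example.
POLICY = {
    "trusted_registries": ["registry.example.internal"],
    "require_signature": True,
    "max_severity": "medium",   # findings above this level fail the build
    "max_fix_age_days": 14,     # fixable findings older than this fail the build
}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed scan report in a made-up format (not any real scanner's output).
SAMPLE_REPORT = json.loads("""
{
  "image": "docker.io/library/webapp:1.4",
  "signed": false,
  "findings": [
    {"id": "FINDING-1", "severity": "high", "fix_available": true, "age_days": 30},
    {"id": "FINDING-2", "severity": "low", "fix_available": false, "age_days": 3}
  ]
}
""")

def evaluate(report, policy=POLICY):
    """Return a list of policy violations; an empty list means the gate passes."""
    violations = []
    # Fail closed: an image name without a registry prefix is treated as untrusted.
    registry = report["image"].split("/", 1)[0]
    if registry not in policy["trusted_registries"]:
        violations.append(f"untrusted registry: {registry}")
    if policy["require_signature"] and not report.get("signed", False):
        violations.append("image is not signed")
    limit = SEVERITY_RANK[policy["max_severity"]]
    for f in report.get("findings", []):
        sev = str(f.get("severity", "unknown")).lower()
        # Unknown severities rank as critical so they cannot slip through.
        if SEVERITY_RANK.get(sev, 4) > limit:
            violations.append(f"{f['id']}: severity {sev} exceeds {policy['max_severity']}")
        if f.get("fix_available") and f.get("age_days", 0) > policy["max_fix_age_days"]:
            violations.append(f"{f['id']}: fix available for {f['age_days']} days, not rebuilt")
    return violations

if __name__ == "__main__":
    problems = evaluate(SAMPLE_REPORT)
    for p in problems:
        print("POLICY VIOLATION:", p)
    sys.exit(1 if problems else 0)  # non-zero exit status fails the CI job
```

Run as a build step after the image scan; the CI system treats the non-zero exit status as a failed build.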