SlideShare a Scribd company logo

Terrascan - Cloud Native Security Tool

sangam biradar
sangam biradar

This presentation presented at GDG Bangalore meetup give a star :- https://github.com/accurics/terrascan

Technology
1 of 22
Download to read offline
Introducing TerraScan – Cloud Native Security Tool Sangam Biradar Developer Advocate – APAC Accurics Docker Community Leader Okteto / Traefik Amabassdor https://discord.kubedaily.live
How many vulnerability are reported ? Source:- https://nvd.nist.gov/vuln/search/statistics
DevSecOps • Integrate security tools • Create security as code culture • Promote cross skills
RUN CODE COMMIT BUILD DEPLOY Developer DevOps Writes application code Builds infrastructure Operates cloud SAST SCA CSPM Deploys cloud CLOUD SECURITY Securing DevOps workflows is today’s problem. SRE CLOUD COMPUTING Commits code CWPP
Why we need DevSecOps ? Source Code Repository Staging/ CI/CD Server Developer Build Production QA Monitoring Suit of Security Test
Source Code Repository Staging/ CI/CD Server Developer Build Production QA Monitoring Suit of Security Test automate source code review 1 SQL Injection
Threat Modeling • What are we building? • What can go wrong? • What are we going to do about that?
SAST , SCA • Vulnerabilities Detection • Requires Source Code Access • Remediation • SDLC Integration • False Positives • Timeframe • Risk Coverage • SCA (Software Composition Analysis) • SAST (Static Application Security Testing)
DAST , SCA • Dynamic Analysis and Security Testing (DAST) • Dynamic application security testing (DAST) is a type of black-box security testing in which tests are performed by attacking an application from the outside. • Pros • #1 Technology independent • #2 Low false positives • #3 Identifies configuration issues • Cons • #1 Not highly scalable • #2 No code visibility • #3 Slow scans
IAST • IAST typically is implemented by deploying agents and sensors in the application post build. The agent observes the application’s operation and analyzes traffic flow to identify security vulnerabilities. It does this by mapping external signatures or patterns to source code, which allows it to identify more complex vulnerabilities. • IAST test results are usually reported in real time via a web browser, dashboard, or customized report without adding extra time to the CI/CD pipeline. IAST results can also be combined with other issues tracking tools. Pros • #1 Low Number of False Positives • #2 Instant Feedback • #3 Highly Scalable Cons • #1 Limited Language Coverage • #2 Requires a Mature Test Environment • #3 Not Widely Adopted
Configuration Drift • configuration drift occurs whenever someone makes a change to the production environment without recording those changes and without ensuring complete parity between staging and production. And, although it’s unintentional, it can end in unanticipated bugs and the resulting flurry of pleas for rapid incident response. • Critical package updates are made at breakneck speeds to address a security vulnerability or incident and often ignore procedure in favor of speed. • When testing servers, a developer may make a manual configuration change to better document or track a bug, which could help define that issue, but if the configuration change isn’t changed back, it will cause drift. • Adding more resources to bolster server configuration can help systems cope with peak load times but are often unplanned or undocumented, eventually leading to configuration drift.
RASP • RASP is a technology that runs on a server and kicks in when an application runs. It's designed to detect attacks on an application in real time
Secret Management • Often credentials are store in config files • Leakage can result in abuse scenario • Secrets management allows you to tokenize the information
Infrastructure as code • Infrastructure as a code allows you to document & version control the infra • It also allows you to perform audit on the infrastructure • Docker / K8s infra relies on base images • Environment is as secure as the base images • Base images need to be minimal in nature & need to be assessed to identify inherited vulnerabilities
Cloud Native Security approach to security • Different Service Providers Approach Security Differently • All of them provide some of the ingredient In-house • Irrespective of cloud providers some tools will need to be sourced • Static code analysis tool • Dynamic Code Analysis Tool • Software Composition Analysis • Vulnerability Management Tool
Terrascan • Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code. Mitigate risks before provisioning cloud native infrastructure. Run locally or integrate with your CICD. • Documentation: https://docs.accurics.com/projects /accurics-terrascan • Discuss: https://community.accurics.com Features • 500+ Policies for security best practices • Scanning of Terraform (HCL2) • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3 • Support for AWS, Azure, GCP, Kubernetes and GitHub • Accurics Discord Server ! Join Community • https://discord.gg/G6EyMg4kCP
Introduction To Terrascan
Terrascan using docker • Use terrascan as container • $ docker run --rm --name terrascan -p 9010:9010 accurics/terrascan • curl -i -F "file=@main.tf" localhost:9010/v1/terraform/v14/aws/local/file /scan
terrascan for terraform • terrascan scan -t aws • terrascan scan –t aws | -d terraform-demo
Demo Time
Thank You!

Recommended

XCloudLabs- AWS Overview
XCloudLabs- AWS Overview XCloudLabs- AWS Overview
XCloudLabs- AWS Overview sangam biradar
 
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...sangam biradar
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradarsangam biradar
 
DockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, SaferDockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, SaferDocker, Inc.
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseDevOps.com
 
Running Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using KubernetesRunning Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using KubernetesJorge Arteiro
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deckBrian Christner
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...Docker, Inc.
 

Recommended

XCloudLabs- AWS Overview
XCloudLabs- AWS Overview XCloudLabs- AWS Overview
XCloudLabs- AWS Overview sangam biradar
 
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...sangam biradar
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradarsangam biradar
 
DockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, SaferDockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, SaferDocker, Inc.
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseDevOps.com
 
Running Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using KubernetesRunning Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using KubernetesJorge Arteiro
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deckBrian Christner
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...Docker, Inc.
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDocker, Inc.
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDocker, Inc.
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talkaspyker
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureGene Gotimer
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA Docker, Inc.
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker ServerlessBrian Christner
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glassLibbySchulze1
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesLacework
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2LibbySchulze
 
The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetesAaron Schlesinger
 
AKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroAKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroJorge Arteiro
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusKublr
 
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]Vietnam Open Infrastructure User Group
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...Docker, Inc.
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Sourceaspyker
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19marketingsyone
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
 
End-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devEnd-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devKonstantin Tarkus
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityLibbySchulze
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrewLibbySchulze
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructureSynergetics Learning and Cloud Consulting
 

More Related Content

What's hot

DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDocker, Inc.
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDocker, Inc.
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talkaspyker
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureGene Gotimer
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA Docker, Inc.
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glassLibbySchulze1
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesLacework
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2LibbySchulze
 
AKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroAKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroJorge Arteiro
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusKublr
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...Docker, Inc.
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Sourceaspyker
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19marketingsyone
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
 
End-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devEnd-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devKonstantin Tarkus
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityLibbySchulze
 

What's hot (20)

DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster Secure
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glass
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
 
The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetes
 
AKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroAKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge Arteiro
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
 
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Source
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
 
End-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devEnd-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.dev
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
 

Similar to Terrascan - Cloud Native Security Tool

Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrewLibbySchulze
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Qualcomm Developer Network
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOpsEklove Mohan
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?DevOps.com
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesJosef Adersberger
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesQAware GmbH
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon
 
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...Cisco DevNet
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdfNilesh Gule
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevOps Indonesia
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Why modern cloud infrastructure require automation
Why modern cloud infrastructure require automationWhy modern cloud infrastructure require automation
Why modern cloud infrastructure require automationGerald Crescione
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azurekloia
 

Similar to Terrascan - Cloud Native Security Tool (20)

Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Devops architecture
Devops architectureDevops architecture
Devops architecture
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
 
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Why modern cloud infrastructure require automation
Why modern cloud infrastructure require automationWhy modern cloud infrastructure require automation
Why modern cloud infrastructure require automation
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 

More from sangam biradar

Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...sangam biradar
 
Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020 Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020 sangam biradar
 
Happy Helming With Okteto
Happy Helming With OktetoHappy Helming With Okteto
Happy Helming With Oktetosangam biradar
 
5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)sangam biradar
 
Docker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore MeetupDocker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore Meetupsangam biradar
 
kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs sangam biradar
 
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...sangam biradar
 
Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...sangam biradar
 
Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs sangam biradar
 
Cloud Native Okteto Cloud
Cloud Native Okteto Cloud Cloud Native Okteto Cloud
Cloud Native Okteto Cloud sangam biradar
 
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...sangam biradar
 
welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?sangam biradar
 
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...sangam biradar
 
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...sangam biradar
 
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam BiradarImplementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradarsangam biradar
 
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, BangaloreDocker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangaloresangam biradar
 

More from sangam biradar (17)

Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
 
Rustlabs Quick Start
Rustlabs Quick StartRustlabs Quick Start
Rustlabs Quick Start
 
Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020 Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020
 
Happy Helming With Okteto
Happy Helming With OktetoHappy Helming With Okteto
Happy Helming With Okteto
 
5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)
 
Docker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore MeetupDocker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore Meetup
 
kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs
 
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
 
Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...
 
Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs
 
Cloud Native Okteto Cloud
Cloud Native Okteto Cloud Cloud Native Okteto Cloud
Cloud Native Okteto Cloud
 
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
 
welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?
 
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
 
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
 
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam BiradarImplementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
 
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, BangaloreDocker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
 

Recently uploaded

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Terrascan - Cloud Native Security Tool

  • 1. Introducing TerraScan – Cloud Native Security Tool Sangam Biradar Developer Advocate – APAC Accurics Docker Community Leader Okteto / Traefik Amabassdor https://discord.kubedaily.live
  • 2. How many vulnerability are reported ? Source:- https://nvd.nist.gov/vuln/search/statistics
  • 3. DevSecOps • Integrate security tools • Create security as code culture • Promote cross skills
  • 4. RUN CODE COMMIT BUILD DEPLOY Developer DevOps Writes application code Builds infrastructure Operates cloud SAST SCA CSPM Deploys cloud CLOUD SECURITY Securing DevOps workflows is today’s problem. SRE CLOUD COMPUTING Commits code CWPP
  • 5. Why we need DevSecOps ? Source Code Repository Staging/ CI/CD Server Developer Build Production QA Monitoring Suit of Security Test
  • 7.
  • 8. Threat Modeling • What are we building? • What can go wrong? • What are we going to do about that?
  • 9. SAST , SCA • Vulnerabilities Detection • Requires Source Code Access • Remediation • SDLC Integration • False Positives • Timeframe • Risk Coverage • SCA (Software Composition Analysis) • SAST (Static Application Security Testing)
  • 10. DAST , SCA • Dynamic Analysis and Security Testing (DAST) • Dynamic application security testing (DAST) is a type of black-box security testing in which tests are performed by attacking an application from the outside. • Pros • #1 Technology independent • #2 Low false positives • #3 Identifies configuration issues • Cons • #1 Not highly scalable • #2 No code visibility • #3 Slow scans
  • 11. IAST • IAST typically is implemented by deploying agents and sensors in the application post build. The agent observes the application’s operation and analyzes traffic flow to identify security vulnerabilities. It does this by mapping external signatures or patterns to source code, which allows it to identify more complex vulnerabilities. • IAST test results are usually reported in real time via a web browser, dashboard, or customized report without adding extra time to the CI/CD pipeline. IAST results can also be combined with other issues tracking tools. Pros • #1 Low Number of False Positives • #2 Instant Feedback • #3 Highly Scalable Cons • #1 Limited Language Coverage • #2 Requires a Mature Test Environment • #3 Not Widely Adopted
  • 12. Configuration Drift • configuration drift occurs whenever someone makes a change to the production environment without recording those changes and without ensuring complete parity between staging and production. And, although it’s unintentional, it can end in unanticipated bugs and the resulting flurry of pleas for rapid incident response. • Critical package updates are made at breakneck speeds to address a security vulnerability or incident and often ignore procedure in favor of speed. • When testing servers, a developer may make a manual configuration change to better document or track a bug, which could help define that issue, but if the configuration change isn’t changed back, it will cause drift. • Adding more resources to bolster server configuration can help systems cope with peak load times but are often unplanned or undocumented, eventually leading to configuration drift.
  • 13. RASP • RASP is a technology that runs on a server and kicks in when an application runs. It's designed to detect attacks on an application in real time
  • 14. Secret Management • Often credentials are store in config files • Leakage can result in abuse scenario • Secrets management allows you to tokenize the information
  • 15. Infrastructure as code • Infrastructure as a code allows you to document & version control the infra • It also allows you to perform audit on the infrastructure • Docker / K8s infra relies on base images • Environment is as secure as the base images • Base images need to be minimal in nature & need to be assessed to identify inherited vulnerabilities
  • 16. Cloud Native Security approach to security • Different Service Providers Approach Security Differently • All of them provide some of the ingredient In-house • Irrespective of cloud providers some tools will need to be sourced • Static code analysis tool • Dynamic Code Analysis Tool • Software Composition Analysis • Vulnerability Management Tool
  • 17. Terrascan • Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code. Mitigate risks before provisioning cloud native infrastructure. Run locally or integrate with your CICD. • Documentation: https://docs.accurics.com/projects /accurics-terrascan • Discuss: https://community.accurics.com Features • 500+ Policies for security best practices • Scanning of Terraform (HCL2) • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3 • Support for AWS, Azure, GCP, Kubernetes and GitHub • Accurics Discord Server ! Join Community • https://discord.gg/G6EyMg4kCP
  • 19. Terrascan using docker • Use terrascan as container • $ docker run --rm --name terrascan -p 9010:9010 accurics/terrascan • curl -i -F "file=@main.tf" localhost:9010/v1/terraform/v14/aws/local/file /scan
  • 20. terrascan for terraform • terrascan scan -t aws • terrascan scan –t aws | -d terraform-demo