Deploy Secure Cloud-Native Apps Fast

•Download as PPTX, PDF•

1 like•180 views

Watch the webinar at: https://codefresh.io/events/devsecops-deploy-secure-cloud-native-apps-fast/ Modern enterprises are constantly evolving their development practices by automating manual processes to deliver applications to market more quickly. This new “DevOps” model of application development enables organizations to more effectively serve their customers by bringing products to market faster. When it comes to security, however, this method comes with an added layer of complexity. In order to securely manage the velocity and scale of agile software delivery, DevOps teams must adopt a “security-first” mentality. This is done by shifting security considerations to the left and building security into their development pipeline. In this webinar, we’ll show you how you can: Build software quickly, using custom job orchestration See all of your builds, including failed builds and slow tests Identify vulnerabilities and malware in your images as you build your application

© 2019 Aqua Security Software Ltd., All Rights Reserved
@texanraj
DevOps - Deploy Secure Cloud
Native Apps FAST
Aqua Security
Raj Seshadri – Solutions Architect
raj@aquasec.com
@texanraj

2 @texanraj
Cloud native technology brings a dramatic shift
in speed, scale and networking
Dev cycles
Scale
Connectivity
Infrequent,
major releases
10x per host,
weeks/months
Few apps,
few nodes
Continuous
deployment
1000x per
host,
hours/days
Dozens of
interconnected
micro services
Attack
surface
CONTAINER
VM

5
Security as a
shared
responsibility
Protect workloads
with focus on
prevention
Secure Once,
Run Anywhere
 “Shift left” security, fix
issues early and fast
 Whitelist good behavior,
preventing anomalies
 Secure the application
uniformly across clouds
and platforms
Aqua Security: Our Approach
Make Cloud-Native the most secure, predictable and controlled
platform for running critical applications

6 @texanraj
The Container Lifecycle
Changes move in one direction
Track image and
ensure integrity
Block unapproved
images
Enforce image risk
policy
Scan for vulnerabilities,
malware, OSS, secrets
Base-image policy
Check configuration
Cryptographic
digest of image
What is the risk of running an image? What can a running container do?
Hard-
Coded
Secrets
Malware
Known
CVEsOSS
Licenses
Unapproved
Base
Images
Build Ship Run

7 @texanraj
Shift Left: Baked-In vs Bolt-On Security
Build RunShip
 
• Unique digest
• Continuous scan for CVEs
• CVE blacklist & whitelist
• Risk Score
• Feedback to developers
1 2 3
Aqua Cyber
Intelligence

9 @texanraj
Integration into Codefresh CI

10 @texanraj
Aqua Image Scanning
Key Features
 CVE scanning based on multiple sources (NVD,
vendor advisories, proprietary research) - updated
continuously
 Scans for hard-coded secretes in images (tokens,
private keys, certificates)
 Scans for malware
 Checks best practice configuration issues
 Supports all Docker registries
 Native plug-ins for CI/CD including Codefresh,
Jenkins, VSTS, Bamboo and others
Languages

11 @texanraj
Aqua Runtime: Focus on Prevention
 Immutable applications are easier to
protect:
 Updates should only be done via a monitored
build process
 Any change made to a running application is
therefore suspicious
 Aqua checks application contents against
its originating build artifact
 If a change is detected – generates alert,
can block the specific change attempt
Original
Application
Observed
Behavior
Protected
Application
















 
 

12 @texanraj
 Runs checks against all 200+
CIS tests
 Provides a scored report of
the results
 Can be scheduled to run daily
Aqua is a CIS SecureSuite member
Kubernetes & Docker CIS Benchmarks

13 @texanraj
Kubernetes Open Source Security Tools
Open-source project automates CIS Benchmark testing
• Get it at https://github.com/aquasecurity/kube-bench
Open-source project for pen-testing Kubernetes deployments
• Get it at https://kube-hunter.aquasec.com/

14 @texanraj
Containers Present an Opportunity
for Better Security
 Prevent unknown images
 Stop image by CVEs and score
 Stop user privilege escalation
 Stop suspicious processes
 Control capabilities
 Enforce network isolation
 Protect the host resources
 Encrypt sensitive variables
 Enforce use of automation tools
 Visibility across the environment

15 @texanraj
Secure your workloads
 Prepare a plan
 Involve your teams
 Use the tools at hand
Try Aqua and Secure Your Cloud Native Workloads Today
Try Aqua on a Cloud Marketplace

An introduction to the devsecops webinar will be presented by me at 10.30am EST on 29th July,2018. It's a session focussed on high level overview of devsecops which will be followed by intermediate and advanced level sessions in future. Agenda: -DevSecOps Introduction -Key Challenges, Recommendations -DevSecOps Analysis -DevSecOps Core Practices -DevSecOps pipeline for Application & Infrastructure Security -DevSecOps Security Tools Selection Tips -DevSecOps Implementation Strategy -DevSecOps Final Checklist

Agile Network India | DevSecOps - The What and the Why | Ritesh Shregill

AgileNetwork

Outpost24 webinar mastering container security in modern day dev ops

Outpost24

Microservices docker-security

Sergio Loureiro

Dev week cloud world conf2021

Archana Joshi

Talk to executives in IT divisions of large enterprises about security and invariably the conversation will hover around DevSecOps pipeline. Is DevSecOps the only thing you need to do for security in your IT division or is there more? What impact does bringing in secure culture in an engineering context mean? What handshake is needed between the IT function and the security / risk function for large enterprises? How does this impact roles and responsibilities of a developer? This talk is an attempt to answer questions such as these using a real world examples of transformations seen in Fortune 100 companies.

Third Party Performance (Velocity, 2014)

Guy Podjarny

Third party components are a part of any modern site: JS libs, analytics, trackers, share buttons, ads. Many components, each adding its performance cost, cause render delays or can effectively take your site down. This isn’t your code nor your servers, so what can you do about it? This presentation will answer this question with strategies and tactics for keeping 3rd parties from taking you down. This talk was given at Velocity Santa Clara, 2014: The presentation from Velocity Santa Clara, 2014 (http://velocityconf.com/velocity2014/public/schedule/detail/35448).

How to Secure Containerized Applications

DevOps.com

Containers, Kubernetes, and Docker - oh my! These innovative tools have exploded in popularity over the last ten years, and with good reason - allowing for containerized applications gives development teams the flexibility they need to move and deploy quickly. But in the rush to modernize, it’s easy to forget about security. Although applications are now distributed across containers, they are still vulnerable to Layer-7 attacks and malicious activity. In this webinar, Doug Coburn, Director of Professional Services at Signal Sciences, will walk through: An overview on containerized applications and how it fits into a DevOps workflow Where and how containers are vulnerable to Layer 7 attacks Evaluating tools and processes for deploying security across containers and containerized apps

Link to Youtube video: https://youtu.be/-awH_CC4DLo You can contact me at abhimanyu.bhogwan@gmail.com My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/ Basic Introduction to DevSecOps concept Why What and How for DevSecOps Basic intro for Threat Modeling Basic Intro for Security Champions 3 pillars of DevSecOps 6 important components of a DevSecOps approach DevSecOps Security Best Practices How to integrate security in CI/CD pipeline

DevSecOps Days SF at RSA Conference 2018

DevSecOps Days

DevSecOps - CrikeyCon 2017

kieranjacobsen

DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.

Equifax cyber attack contained by containers

Aqua Security

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...

WhiteSource

A journey from dev ops to devsecops

Veritis Group, Inc

Practical DevSecOps Using Security Instrumentation

VMware Tanzu

Protecting the Mac Environment: Technical Insightimagazinepl

Security at the Speed of Software - Twistlock

Amazon Web Services

by Twistlock With containers, teams worldwide are deploying faster than ever before. But traditional security practices are slow and manual - leaving many users a choice between strong security or DevOps speed. In this talk, we'll outline how adopting a new 'cloud native' approach to security lets you recognize all the benefits of containerized deployment - and enjoy stronger protection than ever before.

CI/CD pipeline security from start to finish with WhiteSource & CircleCI

WhiteSource

Open source software components play an important role by providing us with the building blocks of our products. However, even as we enjoy the benefits of open source components, they are not without their challenges, especially when it comes to security vulnerabilities. In this webinar with Circle CI, you'll learn how: - WhiteSource Orb can help teams catch vulnerabilities within open source components at early stages of the development cycle - You can start implementing the WhiteSource CircleCI orb into your CI configuration - To gain insights into your software helping you make smarter decisions in working with open source components.

DevSecOps, The Good, Bad, and Ugly

4ndersonLin

On the impact of security vulnerabilities in the npm package dependency network

Tom Mens

Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.

DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...

DevSecCon

Python Web Conference 2022 - Why should devs care about container security.pdf

Eric Smalling

https://2022.pythonwebconf.com/presentations/why-should-developers-care-about-container-security Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don't have an appsec background to fully understand why they are important. In this session, we will: go over several of the most common practices to best containerize Python applications show examples of how your application can be exploited in a container and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code

Reality Check: Security in the Cloud

Alert Logic

Introducing a Security Feedback Loop to your CI Pipelines

Codefresh

Watch the webinar here: https://codefresh.io/security-feedback-loop-lp/ Sign up for a FREE Codefresh account today: https://codefresh.io/codefresh-signup/ We're all looking at ways to prevent vulnerabilities from escaping into our production environments. Why not require scans of your Docker images before they're even uploaded to your production Docker registry? SHIFT LEFT! Codefresh has worked with Twistlock to run Twist CLI using a Docker image as a build step in CI pipelines. Join Codefresh, Twistlock, and Steelcase as we demonstrate setting up vulnerability and compliance thresholds in a CI pipeline. We will show you how to give your teams access to your Docker images' security reports & trace back to your report from your production Kubernetes cluster using Codefresh.

Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...

Cloud Native Day Tel Aviv

Traditionally, security teams have been accustomed to investigating incidents and falling back to previous code releases if they detect serious issues. With the rise of modern cloud-native applications and immutable infrastructure, however, security engineers have new solutions at their fingertips. Immutable infrastructure refers to infrastructure with components that are designed to be destroyed and replaced with new versions whenever a change is necessary. This makes immutable infrastructure different from conventional deployment technologies, in which components were typically updated while they were still running rather than being redeployed whenever a change takes place. In this session, Dima Stopel will discuss the changing security landscape and how immutable infrastructure and cloud-native technologies such as containers, can make tedious, risk-prone security workflows a thing of the past.

AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...

Lacework

Join the Lacework team for AWS Security Week at the AWS Loft in New York for a hands-on demonstration of Lacework. See how behavioral analysis can be applied at scale for continuous security and compliance monitoring of your AWS infrastructure. Chris Pedigo, Senior SE at Lacework, will walk attendees through Lacework with a specific focus on how we automatically analyze AWS CloudTrail and AWS Config data to ensure that security best practices are in place and that data anomalies are detected to help prevent ransomware, Bitcoin mining, or container security issues. The session will be interactive; attendees should come prepared for hands-on work on AWS accounts and console and have a Linux shell available in order to get the most from the workshop. Attendees will have access to the Lacework team to get individual attention for trial account set-up after the session.

Leveraging Osquery for DFIR @ Scale _BSidesSF_2020

Sohini Mukherjee

DevSecOps for you Full Stack

Ron Nixon

Modernizing Java Apps with Docker

Docker, Inc.

Docker provides PODA (Package Once Deploy Anywhere) and complements WORA (Write Once Run Anywhere) provided by Java. It also helps you reduce the impedance mismatch between dev, test, and production environment and simplifies Java application deployment. This session will explain how to: * Run your first Java application with Docker * Package your Java application with Docker * Share your Java application using Docker Hub * Deploy your Java application using Maven * Deploy your application using Docker for AWS * Scale Java services with Docker Engine swarm mode * Package your multi-container application and use service discovery * Monitor your Docker + Java applications * Build a deployment pipeline using common tools

Containers vs. VMs: It's All About the Apps!

Steve Wilson

There has been much hype about whether Containers will replace Virtual Machines for use in Cloud architectures. We’ll look at the strengths of each technology and how they apply in real-world usage. By taking a top-down (Application-first) approach to requirements analysis, versus a bottoms-up (Infrastructure-first) approach, we can see how unique architectures will emerge that can balance the needs of Developers, DevOps and corporate IT.

What's hot

Introduction to DevSecOps

abhimanyubhogwan

DevSecOps Days SF at RSA Conference 2018

DevSecOps Days

DevSecOps - CrikeyCon 2017

kieranjacobsen

Equifax cyber attack contained by containers

Aqua Security

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...

WhiteSource

A journey from dev ops to devsecops

Veritis Group, Inc

Practical DevSecOps Using Security Instrumentation

VMware Tanzu

Protecting the Mac Environment: Technical Insightimagazinepl

Security at the Speed of Software - Twistlock

Amazon Web Services

CI/CD pipeline security from start to finish with WhiteSource & CircleCI

WhiteSource

DevSecOps, The Good, Bad, and Ugly

4ndersonLin

On the impact of security vulnerabilities in the npm package dependency network

Tom Mens

DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...

DevSecCon

Python Web Conference 2022 - Why should devs care about container security.pdf

Eric Smalling

Reality Check: Security in the Cloud

Alert Logic

Introducing a Security Feedback Loop to your CI Pipelines

Codefresh

Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...

Cloud Native Day Tel Aviv

AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...

Lacework

Leveraging Osquery for DFIR @ Scale _BSidesSF_2020

Sohini Mukherjee

DevSecOps for you Full Stack

Ron Nixon

What's hot (20)

Introduction to DevSecOps

DevSecOps Days SF at RSA Conference 2018

DevSecOps - CrikeyCon 2017

Equifax cyber attack contained by containers

From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...

A journey from dev ops to devsecops

Practical DevSecOps Using Security Instrumentation

Protecting the Mac Environment: Technical Insight

Security at the Speed of Software - Twistlock

CI/CD pipeline security from start to finish with WhiteSource & CircleCI

DevSecOps, The Good, Bad, and Ugly

On the impact of security vulnerabilities in the npm package dependency network

DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...

Python Web Conference 2022 - Why should devs care about container security.pdf

Reality Check: Security in the Cloud

Introducing a Security Feedback Loop to your CI Pipelines

Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...

AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...

Leveraging Osquery for DFIR @ Scale _BSidesSF_2020

DevSecOps for you Full Stack

Similar to Deploy Secure Cloud-Native Apps Fast

Modernizing Java Apps with Docker

Docker, Inc.

Containers vs. VMs: It's All About the Apps!

Steve Wilson

Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...

Shannon Williams

Security should be integrated into every phase of the container application development life cycle, from build to ship to run. On August 31st, we hosted an online meetup to discuss the issues that need be addressed to achieve continuous security for containers. The presentation included speakers from Rancher Labs (www.rancher.com), NeuVector (www.neuvector.com) and Black Duck Software (www.blackducksoftware.com) who discussed: - Best practices for preparing your environment for secure deployment - How to secure containers during run-time - Actionable next steps to protect your applications

Faster safer and 100 user centric application at equifax with docker

Docker, Inc.

What's new in containers

Microsoft

Java EE Modernization with Mesosphere DCOS

Mesosphere Inc.

AWS live hack: Atlassian + Snyk OSS on AWS

Eric Smalling

Introduction to Docker - 2017

Docker, Inc.

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

Application security in current era

ajitdhumale

How to containerize at speed and at scale with Docker Enterprise Edition, mov...

Kangaroot

Demystifying Containerization Principles for Data Scientists

Dr Ganesh Iyer

Governance for your Modern Application Platform - November 4, 2020

VMware Tanzu

Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023

VMware Tanzu

Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris

OW2

There’s a constant rise of the container usage in the existing cloud ecosystem. Most companies are evaluating how to migrate to newer, flexible and automated platform for content and application delivery. The containers are building themselves alone across the business, but who's securing them? This presentation discusses the evolution of infrastructure solutions from servers to containers, how can they be secured. What opensource security options are available today? Where is the future leading towards container security? What will come after containers?

Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...

Ashnikbiz

This was presented by Steven Thwaites, Technical Solutions Engineer at Docker at Cloud Expo Asia. Docker is the only Containers-as-a-Service platform for IT that manages and secures diverse applications across disparate infrastructure, both on-premises and in the cloud. It covers topics like: VMs vs Containers The Docker Ecosystem How to Build and Ship your Docker Image Unique Advantages with Docker EE and more

Microservices docker-security

SecludIT

Dockers and kubernetes

Dr Ganesh Iyer

8 - OpenShift - A look at a container platform: what's in the box

Kangaroot

Netflix Cloud Architecture and Open Source

aspyker

Java Microservices HJUGLana Kalashnyk

Similar to Deploy Secure Cloud-Native Apps Fast (20)

Modernizing Java Apps with Docker

Containers vs. VMs: It's All About the Apps!

Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...

Faster safer and 100 user centric application at equifax with docker

What's new in containers

Java EE Modernization with Mesosphere DCOS

AWS live hack: Atlassian + Snyk OSS on AWS

Introduction to Docker - 2017

Application security in current era

How to containerize at speed and at scale with Docker Enterprise Edition, mov...

Demystifying Containerization Principles for Data Scientists

Governance for your Modern Application Platform - November 4, 2020

Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023

Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris

Docker Enterprise Edition Overview by Steven Thwaites, Technical Solutions En...

Microservices docker-security

Dockers and kubernetes

8 - OpenShift - A look at a container platform: what's in the box

Netflix Cloud Architecture and Open Source

Java Microservices HJUG

More from Codefresh

Detect, debug, deploy with Codefresh and Lightstep

Codefresh

In today’s fast-paced and dynamic development environment, minutes matter. How do you know if the changes that you’re making to your microservices are having the desired impact on your end-users? With Codefresh and Lightstep, you’re able to more quickly, more accurately, and more easily ensure that any commit and build results in a better experience for your end-users. Join us for this live workshop where you’ll learn: how to easily set up continuous delivery of your code with Codefresh, and how to measure the impact of a deployment in Lightstep (both free accounts!). You'll also learn how to easily instrument an application with OpenTelemetry in order to view metrics and traces of every request. In addition, you’ll see how easy it is to detect regressions and roll back to a healthy and stable state. You’ll be amazed at how easy it is!

CICD Pipelines for Microservices: Lessons from the Trenches

Codefresh

You have finally split your big monolith into microservices built on top of Kubernetes! Now what? How do you validate a more complex application? And how do you make it scale? In this live talk, we look at two case studies, Expedia’s journey to microservices, and Codefresh. If you try to treat microservices like monoliths you’ll end up with thousands of broken pipelines that are impossible to maintain. Learn from the mistakes of the past and let us show you how we fought our way to something much better! This live talk has everything, tech tips, best practices, and yes, even the fabled business value that our bosses all seem to care so much about!

Simplify Your Code with Helmfile

Codefresh

WATCH THE WEBINAR HERE:https://codefresh.io/events/simplify-code-helmfile/ You’ve got Helm deploying Charts via Codefresh but now how do you deal with Helm chart dependencies? There has to be a better solution than a Chart of Charts? How do I DRY out my Helm charts and simplify my Codefresh Pipelines for multiple environments? How do I create secrets in Codefresh? Is there another way than using Encrypted Secrets / Environment Variables? Helmfile has solutions to all these common problems and more. In this talk, we will go over some of the common problems you can solve with Helmfile and how you can use it to simplify your code and Codefresh Pipelines.

Making the Most of Helm 3 with Codefresh

Codefresh

WATCH THE WEBINAR HERE: https://codefresh.io/events/making-helm-3-codefresh/ Building upon the success of Helm 2, Helm 3 has recently been released and the server-side component, Tiller, is finally gone (yay)! Helm works out-of-the-box with Codefresh, so releasing your Helm 3 applications is as easy as pie. In this webinar, you will see how engineers use Helm 3 to develop software faster. Learn how to build Helm pipelines, view Helm releases, and monitor Helm environments. Still using Helm 2? Not to worry. With a click of a button, you can manage both Helm 2 and Helm 3 clusters simultaneously!

5 Simple Tips for Troubleshooting Your Kubernetes Pods

Codefresh

Watch the webinar here: https://codefresh.io/events/5-simple-tips-troubleshooting-kubernetes-pods/ Once you start working with Kubernetes, and you deployed some applications to a cluster, you may have encountered issues where the application has not been deployed correctly or is not working as it should. In this webinar, we will explain the different statuses and error messages, and offer troubleshooting tips to resolve such situations swiftly!

Best Practices for Microservice CI/CD: Lessons from Expedia and Codefresh

Codefresh

Hybrid CI/CD with Kubernetes & Codefresh

Codefresh

WATCH THE WEBINAR HERE: https://youtu.be/2qeTadriUPY Even though the public cloud has changed the way companies deploy and run applications, there are several cases (finance/healthcare) where all services of an organization are running in secure on-premise datacenters behind strict firewalls, in remote storefronts, or even in mobile locations with low connectivity. In this webinar, we will see how you can include these secure and remote services in your CI/CD pipelines, without compromising security and without opening firewall ports. We will use Codefresh and the new Codefresh Runner that can run wherever your clusters live. Sign up for your FREE Codefresh account with Unlimited builds at Codefresh.io

VM vs Docker-Based Pipelines

Codefresh

For years people have been using VM-based CI platforms where they are managing build nodes that run their CI workflows. A few years ago, Codefresh revolutionized the CI/CD world and became the first container-native CI/CD platform. **WATCH THE WEBINAR AT https://Codefresh.io/events ** In this webinar, we will look at the differences between VM-based CI pipelines and Docker-based CI pipelines, in terms of maintenance, upgrades, pipeline creation, caching, and speed!

Why You Should be Using Multi-stage Docker Builds in 2019

Codefresh

Watch the webinar at https://codefresh.io/events/multi-stage-docker-builds/ ! Docker multi-stage builds were announced 2 years ago, but sadly not all developers are using them. Using multi-stage builds can result in a much more secure and smaller Docker image. In some cases, you can take a Docker image from 700MB to 20MB, which makes a big difference in the context of CI/CD. In this webinar, we will see how to use multi-stage Docker builds and the best practices around them. Open a FREE Codefresh account with UNLIMITED Builds at https://codefresh.io

CICD Pipelines for Microservices Best Practices

Codefresh

**Watch the full webinar at Codefresh.io/events! You have finally split your big monolith into microservices. Now what? How do you validate a more complex application? And how do you make it scale? Instead of having one CI/CD pipeline, you have multiple. And as the number of microservices increases so does the number of pipelines. Managing pipelines for microservice applications can quickly get out of hand, especially when you try to reuse common pipeline parts between different applications. In this webinar, we will see how you can create CI/CD pipelines designed specifically for microservices and how you can reuse the same pipeline across different applications.

Codefresh CICD New Features Launch! May 2019

Codefresh

Watch the video here: https://www.youtube.com/watch?v=z3u5cCV7glo CI/CD isn't some dark art, it's a critical component in increasing developer velocity! At Codefresh, we've been hard at work building a new UI, streamlining pipeline creation, and making it easier than ever to use Codefresh. Watch this webinar to see all of the new enhancements including live demos! See the full blog post here: https://codefresh.io/codefresh-news/p... New to Codefresh? Sign up for a FREE account today at Codefresh.io

Terraform GitOps on Codefresh

Codefresh

**Watch the full webinar at https://codefresh.io/events/terraform-gitops-codefresh/ Today we write "Infrastructure as Code" and even "Pipelines as Code", so let's start treating our "code as code" and practice CI/CD with GitOps! In this talk, we'll show you how we build and deploy applications with Terraform using GitOps and Codefresh. Cloud Posse is a Terraform power user that has developed over 130 Terraform modules which are free and open source. We'll share how we handle automation with security while making the process easy for engineers.

Adding Container Image Scanning to Your Codefresh Pipelines with Anchore

Codefresh

>>Read the blog post & watch the webinar here: https://codefresh.io/security-testing/adding-anchore-container-image-scanning-to-codefresh-pipeline/ In a few short years, containers have drastically changed the IT landscape and have helped drive a DevOps revolution. While containers bring a number of advantages, they also present a number of security challenges. These include the lack of support for containers by traditional IT tools and the lack of container experience in operations and security personnel. With container images becoming an ever more regular part of the development lifecycle, security should be woven into an automated pipeline with standardized best practices for testing. In this webinar, we will discuss how you can integrate tools like the open-source Anchore Engine into your Codefresh pipeline to automate image scanning and policy management & achieve a better security and compliance stance when building containers.

Image scanning using Clair

Codefresh

>> See the blog post and watch the webinar here: codefresh.io/clair-vulnerability-scans/ In this edition of Codefresh Live, see how the open-source project Clair can be used to scan your Docker images for security vulnerabilities in your CI/CD pipeline. Join Codefresh's Senior Solution Architect Dustin Van Buskirk for a LIVE tutorial including: - Installing Clair into your Kubernetes cluster using Codefresh Helm Repository/Chart Installation - Adding a Clair step to a Codefresh pipeline - Storing your Clair security results into a storage system - Enriching your Docker image’s metadata with Clair results - Enforcing vulnerability level thresholds in your pipelines Gain a 'clear' view of the security for your container-based infrastructure with our simple & easy plugin. Try Codefresh for FREE (120 builds/month!) at Codefresh.io/codefresh-signup

Updating Kubernetes With Helm Charts: Build, Test, Deploy with Codefresh and...

Codefresh

>>Watch the Codefresh Live webinar at Codefresh.io/events Creating and using custom Helm charts for internal consumption is incredibly powerful. In this edition of Codefresh Live we'll go through best practices for creating, testing, and deploying Helm Charts. We'll mix custom and community charts into our application and show best practices for promoting charts into ACR Chart Repositories. You'll be surprised just how effective Helm Charts can be in a streamlined DevOps workflow.

Docker based-Pipelines with Codefresh

Codefresh

>>WATCH THE WEBINAR HERE: https://codefresh.io/docker-based-pipelines-with-codefresh/ Most people think that Docker adoption means deploying Docker images. In this webinar, we will see the alternative way of adopting Docker in a Continuous Integration Pipeline, by packaging all build tools inside Docker containers. This makes it very easy to use different tool versions on the same build and puts an end to version conflicts in build machines. We will use Codefresh as a CI/CD solution as it fully supports pipelines where each build step is running on its own container image. Sign up for FREE Codefresh account (120 builds/month) at Codefresh.io/codefresh-signup

Automated Serverless Pipelines with #GitOps on Codefresh

Codefresh

**Watch the full presentation here: https://codefresh.io/automated-serverless-pipelines-with-gitops-on-codefresh/ Dan Van Brunt introduces you to Serverless, talks about common misconceptions and challenges, and then demos how he uses the Serverless Framework effectively alongside containers. He shares some of the advanced pipelines he's developed so you can replicate his workflow without building a pipeline from scratch! Try Codefresh for FREE (120 builds/month) and get a free custom demo at Codefresh.io

Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Sn...

Codefresh

Watch the full webinar here: https://bit.ly/2NsNSVb 83% of organizations use vulnerable dependencies. By bringing Snyk into the CI/CD process we can scan Docker images as they are created and reveal vulnerabilities and fixes to developers as they work. Don’t wait for production to catch vulnerabilities! In this presentation, we use Codefresh to integrate with Snyk for a secure continuous delivery pipeline. Ready to try Codefresh? Sign up for FREE (120 builds/month) at Codefresh.io/codefresh-signup

Net Pipeline on Windows Kubernetes

Codefresh

WATCH THE WEBINAR HERE: https://codefresh.io/net-pipeline-windows-kubernetes/ For a long time, .Net applications have waited on the sidelines of the container revolution because of poor windows support. Not anymore! In this webinar we'll show a robust CI/CD workflow for building, testing and deploying .Net applications with Windows nodes. To help us out, we've invited Azure expert Jessica Deen. Get practical guidance on how to handle your .Net dev and release flows. Sign up for a FREE Codefresh account and get 120 builds/month at codefresh.io/codefresh-signup

Multi-cloud CI/CD with failover powered by K8s, Istio, Helm, and Codefresh

Codefresh

**View the full webinar here: https://codefresh.io/multi-cloud-cicd-kubernetes-failover-across-clouds/ Multi-cloud Kubernetes is all about mitigating risk between hosting providers. In this webinar, we'll leverage Kubernetes as our universal cloud API, standup clusters in Google, Amazon, and Azure, setup multi-deploy so our application is in several locations, and demonstrate failover should one cloud fail. We'll stand up and manage our clusters, then use Istio, Helm, and Codefresh to do a multi-cloud Canary rollout to each cloud. Come ready to see: - Continuous Delivery to multiple Kubernetes providers - Cluster creation on multiple clouds from a single interface - How to create failover rules - A practical guide on how to set it up for yourself Get a free Codefresh account today (that's 120 build/month!) at https://codefresh.io/codefresh-signup/

More from Codefresh (20)

Detect, debug, deploy with Codefresh and Lightstep

CICD Pipelines for Microservices: Lessons from the Trenches

Simplify Your Code with Helmfile

Making the Most of Helm 3 with Codefresh

5 Simple Tips for Troubleshooting Your Kubernetes Pods

Best Practices for Microservice CI/CD: Lessons from Expedia and Codefresh

Hybrid CI/CD with Kubernetes & Codefresh

VM vs Docker-Based Pipelines

Why You Should be Using Multi-stage Docker Builds in 2019

CICD Pipelines for Microservices Best Practices

Codefresh CICD New Features Launch! May 2019

Terraform GitOps on Codefresh

Adding Container Image Scanning to Your Codefresh Pipelines with Anchore

Image scanning using Clair

Updating Kubernetes With Helm Charts: Build, Test, Deploy with Codefresh and...

Docker based-Pipelines with Codefresh

Automated Serverless Pipelines with #GitOps on Codefresh

Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Sn...

Net Pipeline on Windows Kubernetes

Multi-cloud CI/CD with failover powered by K8s, Istio, Helm, and Codefresh

Recently uploaded

RESUME BUILDER APPLICATION Project for students

KAMESHS29

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Zilliz

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Recently uploaded (20)

RESUME BUILDER APPLICATION Project for students

Full-RAG: A modern architecture for hyper-personalization

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Pushing the limits of ePRTC: 100ns holdover for 100 days

Removing Uninteresting Bytes in Software Fuzzing

Uni Systems Copilot event_05062024_C.Vlachos.pdf

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Securing your Kubernetes cluster_ a step-by-step guide to success !

Microsoft - Power Platform_G.Aspiotis.pdf

Building RAG with self-deployed Milvus vector database and Snowpark Container...

UiPath Test Automation using UiPath Test Suite series, part 6

Monitoring Java Application Security with JDK Tools and JFR Events

Elizabeth Buie - Older adults: Are we really designing for our future selves?

20240605 QFM017 Machine Intelligence Reading List May 2024

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Deploy Secure Cloud-Native Apps Fast

2. 2 @texanraj Cloud native technology brings a dramatic shift in speed, scale and networking Dev cycles Scale Connectivity Infrequent, major releases 10x per host, weeks/months Few apps, few nodes Continuous deployment 1000x per host, hours/days Dozens of interconnected micro services Attack surface CONTAINER VM

3. 3 @texanraj The Threat Landscape

4. 4 @texanraj Where Security Fits

5. 5 Security as a shared responsibility Protect workloads with focus on prevention Secure Once, Run Anywhere  “Shift left” security, fix issues early and fast  Whitelist good behavior, preventing anomalies  Secure the application uniformly across clouds and platforms Aqua Security: Our Approach Make Cloud-Native the most secure, predictable and controlled platform for running critical applications

6. 6 @texanraj The Container Lifecycle Changes move in one direction Track image and ensure integrity Block unapproved images Enforce image risk policy Scan for vulnerabilities, malware, OSS, secrets Base-image policy Check configuration Cryptographic digest of image What is the risk of running an image? What can a running container do? Hard- Coded Secrets Malware Known CVEsOSS Licenses Unapproved Base Images Build Ship Run

7. 7 @texanraj Shift Left: Baked-In vs Bolt-On Security Build RunShip   • Unique digest • Continuous scan for CVEs • CVE blacklist & whitelist • Risk Score • Feedback to developers 1 2 3 Aqua Cyber Intelligence

8. 8 @texanraj Secure Once, Run Anywhere

9. 9 @texanraj Integration into Codefresh CI

10. 10 @texanraj Aqua Image Scanning Key Features  CVE scanning based on multiple sources (NVD, vendor advisories, proprietary research) - updated continuously  Scans for hard-coded secretes in images (tokens, private keys, certificates)  Scans for malware  Checks best practice configuration issues  Supports all Docker registries  Native plug-ins for CI/CD including Codefresh, Jenkins, VSTS, Bamboo and others Languages

11. 11 @texanraj Aqua Runtime: Focus on Prevention  Immutable applications are easier to protect:  Updates should only be done via a monitored build process  Any change made to a running application is therefore suspicious  Aqua checks application contents against its originating build artifact  If a change is detected – generates alert, can block the specific change attempt Original Application Observed Behavior Protected Application                    

12. 12 @texanraj  Runs checks against all 200+ CIS tests  Provides a scored report of the results  Can be scheduled to run daily Aqua is a CIS SecureSuite member Kubernetes & Docker CIS Benchmarks

13. 13 @texanraj Kubernetes Open Source Security Tools Open-source project automates CIS Benchmark testing • Get it at https://github.com/aquasecurity/kube-bench Open-source project for pen-testing Kubernetes deployments • Get it at https://kube-hunter.aquasec.com/

14. 14 @texanraj Containers Present an Opportunity for Better Security  Prevent unknown images  Stop image by CVEs and score  Stop user privilege escalation  Stop suspicious processes  Control capabilities  Enforce network isolation  Protect the host resources  Encrypt sensitive variables  Enforce use of automation tools  Visibility across the environment

15. 15 @texanraj Secure your workloads  Prepare a plan  Involve your teams  Use the tools at hand Try Aqua and Secure Your Cloud Native Workloads Today Try Aqua on a Cloud Marketplace

16. Thank You @texanraj

Deploy Secure Cloud-Native Apps Fast

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Deploy Secure Cloud-Native Apps Fast

Similar to Deploy Secure Cloud-Native Apps Fast (20)

More from Codefresh

More from Codefresh (20)

Recently uploaded

Recently uploaded (20)

Deploy Secure Cloud-Native Apps Fast