SlideShare a Scribd company logo

Next Generation Vulnerability Assessment Using Datadog and Snyk

DevOps.com
DevOps.com

Vulnerability assessment for teams can often be overwhelming. The dependency graph could be thousands of packages depending on the application. Triaging vulnerability data and prioritizing actions has historically been a very manual process, until now. With Datadog and Snyk, learn how to trace security and performance issues by leveraging continuous profiling capabilities for actionable insight that help developers remediate problems. Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will: Bust some myths around continuous profiling and learn how Datadog differentiates itself See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities Learn roadmap information for upcoming public announcements from both partners

Technology
1 of 37
Download to read offline
Vulnerability Assessment using Datadog and Snyk January 21, 2021
Agenda -Introduction -Snyk and Datadog Partnership -Understanding Continuous Profiling -See and analyze a trace -How Snyk Github Action Integrates the source graph -Snyk.io vulnerability mapping technology -User value proposition -Q&A
Who are we? Andrew Krug Technical Evangelist Datadog Liran Tal Senior Developer Advocate Snyk
Snyk and Datadog Partnership
Identify And Prioritize Real-Time Code-Level Security Fixes – Datadog GitHub Actions integration tracks dependency and version information – Snyk augments this production data with security information about vulnerable methods – Available in Datadog & Snyk free tier
Understanding Continuous Profiling
What is Profiling? A form of software analysis that takes place dynamically – Measures software resource usage – Focus on performance and code level execution
Profiling vs Tracing Profiling: ● In the runtime itself. ● Performance focus ○ CPU ○ Memory ○ Method Executions Tracing: ● Instrumented in the code ● Request oriented ○ Databases ○ External APIs
Polling Question #1: What language do you develop in the most? 1. Python 2. Java 3. JavaScript 4. Rust 5. Go
Let’s build it! and then, let’s exploit it!
Sample Java Goof App ● Struts App ● To-Do List ● Open Source
Dockerfile Based + AWS CDK
Dockerfile Based + AWS CDK ● Adds the Datadog Java Flight Recorder Interfaces
Form that in AWS Using the CDK
Some great attributes of the sidecar pattern ● Datadog manages that container for you ● No credentials for Datadog in the running app container ● Binds to the standard Datadog agent port in the “task” ● Uses standards in the language to instrument Flight Recorder Datadog Sidecar DD Agent Jar Datadog
Results
Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD
Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD Commit Action Dependency Graph Snyk Cli Vulnerability JSON Ship to Datadog
Relevant Vulnerability Information Module ( What? ) ● org.hibernate:hibernate-core Vulnerable Functions ( Where? ) ● org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.toStatementString ● org/hibernate/sql/Delete.toStatementString ● org/hibernate/sql/Insert.toStatementString ● org/hibernate/sql/InsertSelect.toStatementString ● org/hibernate/sql/QuerySelect.toQueryString ● org/hibernate/sql/Select.toStatementString ● org/hibernate/sql/SimpleSelect.toStatementString ● org/hibernate/sql/Update.toStatementString
Correlated with tracing! Version Service Correlated Trace using the Execution Graph Who? How?
What open-source components are you importing? 1 Dependency tree annotated with vulnerabilities per each open-source module 1
A developer-first experience for security insights
A developer-first experience for security insights 1 2 3 1 Prioritize code-reachable code 2 Filter to find them quickly 3 Prioritize based on more than a CVSS
A developer-first experience for security insights 1 Prioritize code-reachable code 2 Shows the vulnerable function 1 2
One vulnerability away from being the next Equifax CVE-2017-5638
One vulnerability away from being the next Equifax People had highly personal data exposed Remote code execution vulnerability was exploited From disclosure it took for exploits of the vulnerability to be seen in the wild After disclosure that Equifax was hacked, having failed to fix the vulnerability +150M Apache Struts A few hours 2 months
One vulnerability away from being the next Equifax
One vulnerability away from being the next Equifax
Let’s hack Apache Struts servers
One vulnerability away from being the next Equifax Equifax breach could be most costly in human history
One vulnerability away from being the next Equifax Equifax breach could have been prevented If only there was someone responsible for security… 🤔
One vulnerability away from being the next Equifax
User value proposition
Developer-first Security integrated into your infrastructure monitoring – DevOps creates the infrastructure and make it easily consumable – Developers own the code, developers operate the infrastructure – Shifting-left security and augmenting data with actionable insights – Too many trees to see the forest? prioritize security, smartly!
Follow-up Resources – Engineering blogs deep-dives: – Datadog: – Continuous Profiler – How we wrote a python profiler by Julian Danjou – Snyk: – Reachable vulnerabilities: how to effectively prioritze open source security by Krysztof Huszcza – Optimizing prioritization with deep application-level context by Daniel Berman, Michael Komraz – Open source – Datadog profiler is open source – The Snyk CLI open sourced on a GitHub repository – Sample datadog-snyk integration Java app – Snyk integration Github Action
Follow-up Resources – Datadog and Snyk GitHub Action – Getting started with Datadog and Snyk blog post – Datadog community office hours for any help you need! https://docs.datadoghq.com/developers/office_hours/
Thank you! Q&A

Recommended

DevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMDevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMatSistemas
 
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...DevOps.com
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Enable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareEnable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareAUGNYC
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOpsDaniel Oh
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu
 

Recommended

DevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMDevOps Spain 2019. Beatriz Martínez-IBM
DevOps Spain 2019. Beatriz Martínez-IBMatSistemas
 
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...DevOps.com
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Enable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareEnable DevSecOps using JIRA Software
Enable DevSecOps using JIRA SoftwareAUGNYC
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOpsDaniel Oh
 
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- March 22, 2021VMware Tanzu
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
DevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesDevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesatSistemas
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpVMware Tanzu
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
Introduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemIntroduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemKubeSphere
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
DevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSDevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSatSistemas
 
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsTools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsVMware Tanzu
 
Optimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSOptimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSDevOps.com
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
DevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleDevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleatSistemas
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowImpressico Business Solutions
 
Observe and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsObserve and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsWeaveworks
 
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXSecure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXNGINX, Inc.
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factoryscoopnewsgroup
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and HowNotSoSecure Global Services
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 
Cloud native programming model comparison
Cloud native programming model comparisonCloud native programming model comparison
Cloud native programming model comparisonEmily Jiang
 
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...sparkfabrik
 
Code, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayCode, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayAlex Baitov
 

More Related Content

What's hot

Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
DevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesDevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesatSistemas
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpVMware Tanzu
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkVMware Tanzu
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
 
Introduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemIntroduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemKubeSphere
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
DevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSDevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSatSistemas
 
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsTools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsVMware Tanzu
 
Optimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSOptimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSDevOps.com
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
DevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleDevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleatSistemas
 
Observe and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsObserve and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsWeaveworks
 
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXSecure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXNGINX, Inc.
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factoryscoopnewsgroup
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 
Cloud native programming model comparison
Cloud native programming model comparisonCloud native programming model comparison
Cloud native programming model comparisonEmily Jiang
 

What's hot (20)

Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging
 
DevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -CloudbeesDevOps Spain 2019. David Cañadillas -Cloudbees
DevOps Spain 2019. David Cañadillas -Cloudbees
 
DevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOpDevSecOps: Security at the Speed of DevOp
DevSecOps: Security at the Speed of DevOp
 
DevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it WorkDevOps in the Real World: Know What it Takes to Make it Work
DevOps in the Real World: Know What it Takes to Make it Work
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityHardening Your CI/CD Pipelines with GitOps and Continuous Security
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
 
Introduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystemIntroduction to KubeSphere and its open source ecosystem
Introduction to KubeSphere and its open source ecosystem
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
 
DevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWSDevOps Spain 2019. Pedro Mendoza-AWS
DevOps Spain 2019. Pedro Mendoza-AWS
 
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud EnvironmentsTools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
Tools and Recipes to Replatform Monolithic Apps to Modern Cloud Environments
 
Optimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWSOptimize your CI/CD with GitLab and AWS
Optimize your CI/CD with GitLab and AWS
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
 
DevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-OracleDevOps Spain 2019. Olivier Perard-Oracle
DevOps Spain 2019. Olivier Perard-Oracle
 
Latest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should knowLatest dev ops trends in 2021 you should know
Latest dev ops trends in 2021 you should know
 
Observe and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git opsObserve and command your fleets across any kubernetes with weave git ops
Observe and command your fleets across any kubernetes with weave git ops
 
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINXSecure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
Secure, Strengthen, Automate, and Scale Modern Workloads with Red Hat & NGINX
 
DevSecOps: The DoD Software Factory
DevSecOps: The DoD Software FactoryDevSecOps: The DoD Software Factory
DevSecOps: The DoD Software Factory
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security
 
Cloud native programming model comparison
Cloud native programming model comparisonCloud native programming model comparison
Cloud native programming model comparison
 

Similar to Next Generation Vulnerability Assessment Using Datadog and Snyk

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...sparkfabrik
 
Code, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayCode, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayAlex Baitov
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...Nir Yungster
 
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in DepthWebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depthyalegko
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment Sergey Gordeychik
 
Continuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + SpinnakerContinuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + SpinnakerVMware Tanzu
 
Codebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winCodebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winTiago Henriques
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: KeynoteDocker-Hanoi
 
Modern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and MicrometerModern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and MicrometerJesse Tate Pulfer
 
Safeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainSafeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainGiovanni Galloro
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixAll Things Open
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure DevelopmentBosnia Agile
 
Begining Android Development
Begining Android DevelopmentBegining Android Development
Begining Android DevelopmentHayi Nukman
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and SecurityKelwin Yang
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
 

Similar to Next Generation Vulnerability Assessment Using Datadog and Snyk (20)

Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
Drupal Dev Days Vienna 2023 - What is the secure software supply chain and th...
 
Code, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers wayCode, ci, infrastructure - the gophers way
Code, ci, infrastructure - the gophers way
 
Security in open source projects
Security in open source projectsSecurity in open source projects
Security in open source projects
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...Data Science in Production: Technologies That Drive Adoption of Data Science ...
Data Science in Production: Technologies That Drive Adoption of Data Science ...
 
WebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in DepthWebGoat.SDWAN.Net in Depth
WebGoat.SDWAN.Net in Depth
 
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
 
Continuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + SpinnakerContinuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
Continuous Delivery to the Cloud: Automate Thru Production with CI + Spinnaker
 
Codebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the winCodebits 2014 - Secure Coding - Gamification and automation for the win
Codebits 2014 - Secure Coding - Gamification and automation for the win
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: Keynote
 
Modern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and MicrometerModern DevOps with Spinnaker/Concourse and Micrometer
Modern DevOps with Spinnaker/Concourse and Micrometer
 
Safeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainSafeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply Chain
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
 
Building a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at NetflixBuilding a Distributed & Automated Open Source Program at Netflix
Building a Distributed & Automated Open Source Program at Netflix
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
 
Begining Android Development
Begining Android DevelopmentBegining Android Development
Begining Android Development
 
Dagster @ R&S MNT
Dagster @ R&S MNTDagster @ R&S MNT
Dagster @ R&S MNT
 
Introduction to Android Development and Security
Introduction to Android Development and SecurityIntroduction to Android Development and Security
Introduction to Android Development and Security
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
 

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...DevOps.com
 
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...DevOps.com
 

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
Hotels, Hookups and Video Conferencing: A Top 10 Countdown to 2020's Worst Da...
 
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
How IBM's Massive POWER9 UNIX Servers Benefit from InfluxDB and Grafana Techn...
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Next Generation Vulnerability Assessment Using Datadog and Snyk

  • 1. Vulnerability Assessment using Datadog and Snyk January 21, 2021
  • 2. Agenda -Introduction -Snyk and Datadog Partnership -Understanding Continuous Profiling -See and analyze a trace -How Snyk Github Action Integrates the source graph -Snyk.io vulnerability mapping technology -User value proposition -Q&A
  • 3. Who are we? Andrew Krug Technical Evangelist Datadog Liran Tal Senior Developer Advocate Snyk
  • 4. Snyk and Datadog Partnership
  • 5. Identify And Prioritize Real-Time Code-Level Security Fixes – Datadog GitHub Actions integration tracks dependency and version information – Snyk augments this production data with security information about vulnerable methods – Available in Datadog & Snyk free tier
  • 7. What is Profiling? A form of software analysis that takes place dynamically – Measures software resource usage – Focus on performance and code level execution
  • 8. Profiling vs Tracing Profiling: ● In the runtime itself. ● Performance focus ○ CPU ○ Memory ○ Method Executions Tracing: ● Instrumented in the code ● Request oriented ○ Databases ○ External APIs
  • 9. Polling Question #1: What language do you develop in the most? 1. Python 2. Java 3. JavaScript 4. Rust 5. Go
  • 10. Let’s build it! and then, let’s exploit it!
  • 11. Sample Java Goof App ● Struts App ● To-Do List ● Open Source
  • 13. Dockerfile Based + AWS CDK ● Adds the Datadog Java Flight Recorder Interfaces
  • 14. Form that in AWS Using the CDK
  • 15. Some great attributes of the sidecar pattern ● Datadog manages that container for you ● No credentials for Datadog in the running app container ● Binds to the standard Datadog agent port in the “task” ● Uses standards in the language to instrument Flight Recorder Datadog Sidecar DD Agent Jar Datadog
  • 17. Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD
  • 18. Snyk Integration How’s it work? ● Integrated with your CI/CD ● Github Action Available Builds a dependency graph ● Using Snyk ● Posts that to Datadog with a service & version via unified tagging. http://bit.ly/3qtdJQD Commit Action Dependency Graph Snyk Cli Vulnerability JSON Ship to Datadog
  • 19. Relevant Vulnerability Information Module ( What? ) ● org.hibernate:hibernate-core Vulnerable Functions ( Where? ) ● org/hibernate/loader/plan/exec/query/internal/SelectStatementBuilder.toStatementString ● org/hibernate/sql/Delete.toStatementString ● org/hibernate/sql/Insert.toStatementString ● org/hibernate/sql/InsertSelect.toStatementString ● org/hibernate/sql/QuerySelect.toQueryString ● org/hibernate/sql/Select.toStatementString ● org/hibernate/sql/SimpleSelect.toStatementString ● org/hibernate/sql/Update.toStatementString
  • 20. Correlated with tracing! Version Service Correlated Trace using the Execution Graph Who? How?
  • 21. What open-source components are you importing? 1 Dependency tree annotated with vulnerabilities per each open-source module 1
  • 22. A developer-first experience for security insights
  • 23. A developer-first experience for security insights 1 2 3 1 Prioritize code-reachable code 2 Filter to find them quickly 3 Prioritize based on more than a CVSS
  • 24. A developer-first experience for security insights 1 Prioritize code-reachable code 2 Shows the vulnerable function 1 2
  • 25. One vulnerability away from being the next Equifax CVE-2017-5638
  • 26. One vulnerability away from being the next Equifax People had highly personal data exposed Remote code execution vulnerability was exploited From disclosure it took for exploits of the vulnerability to be seen in the wild After disclosure that Equifax was hacked, having failed to fix the vulnerability +150M Apache Struts A few hours 2 months
  • 27. One vulnerability away from being the next Equifax
  • 28. One vulnerability away from being the next Equifax
  • 29. Let’s hack Apache Struts servers
  • 30. One vulnerability away from being the next Equifax Equifax breach could be most costly in human history
  • 31. One vulnerability away from being the next Equifax Equifax breach could have been prevented If only there was someone responsible for security… 🤔
  • 32. One vulnerability away from being the next Equifax
  • 34. Developer-first Security integrated into your infrastructure monitoring – DevOps creates the infrastructure and make it easily consumable – Developers own the code, developers operate the infrastructure – Shifting-left security and augmenting data with actionable insights – Too many trees to see the forest? prioritize security, smartly!
  • 35. Follow-up Resources – Engineering blogs deep-dives: – Datadog: – Continuous Profiler – How we wrote a python profiler by Julian Danjou – Snyk: – Reachable vulnerabilities: how to effectively prioritze open source security by Krysztof Huszcza – Optimizing prioritization with deep application-level context by Daniel Berman, Michael Komraz – Open source – Datadog profiler is open source – The Snyk CLI open sourced on a GitHub repository – Sample datadog-snyk integration Java app – Snyk integration Github Action
  • 36. Follow-up Resources – Datadog and Snyk GitHub Action – Getting started with Datadog and Snyk blog post – Datadog community office hours for any help you need! https://docs.datadoghq.com/developers/office_hours/