SlideShare a Scribd company logo

Terrascan - Cloud Native Security Tool

sangam biradar
sangam biradar

This presentation presented at GDG Bangalore meetup give a star :- https://github.com/accurics/terrascan

Technology
1 of 22
Download to read offline
Introducing TerraScan – Cloud Native Security Tool Sangam Biradar Developer Advocate – APAC Accurics Docker Community Leader Okteto / Traefik Amabassdor https://discord.kubedaily.live
How many vulnerability are reported ? Source:- https://nvd.nist.gov/vuln/search/statistics
DevSecOps • Integrate security tools • Create security as code culture • Promote cross skills
RUN CODE COMMIT BUILD DEPLOY Developer DevOps Writes application code Builds infrastructure Operates cloud SAST SCA CSPM Deploys cloud CLOUD SECURITY Securing DevOps workflows is today’s problem. SRE CLOUD COMPUTING Commits code CWPP
Why we need DevSecOps ? Source Code Repository Staging/ CI/CD Server Developer Build Production QA Monitoring Suit of Security Test
Source Code Repository Staging/ CI/CD Server Developer Build Production QA Monitoring Suit of Security Test automate source code review 1 SQL Injection
Threat Modeling • What are we building? • What can go wrong? • What are we going to do about that?
SAST , SCA • Vulnerabilities Detection • Requires Source Code Access • Remediation • SDLC Integration • False Positives • Timeframe • Risk Coverage • SCA (Software Composition Analysis) • SAST (Static Application Security Testing)
DAST , SCA • Dynamic Analysis and Security Testing (DAST) • Dynamic application security testing (DAST) is a type of black-box security testing in which tests are performed by attacking an application from the outside. • Pros • #1 Technology independent • #2 Low false positives • #3 Identifies configuration issues • Cons • #1 Not highly scalable • #2 No code visibility • #3 Slow scans
IAST • IAST typically is implemented by deploying agents and sensors in the application post build. The agent observes the application’s operation and analyzes traffic flow to identify security vulnerabilities. It does this by mapping external signatures or patterns to source code, which allows it to identify more complex vulnerabilities. • IAST test results are usually reported in real time via a web browser, dashboard, or customized report without adding extra time to the CI/CD pipeline. IAST results can also be combined with other issues tracking tools. Pros • #1 Low Number of False Positives • #2 Instant Feedback • #3 Highly Scalable Cons • #1 Limited Language Coverage • #2 Requires a Mature Test Environment • #3 Not Widely Adopted
Configuration Drift • configuration drift occurs whenever someone makes a change to the production environment without recording those changes and without ensuring complete parity between staging and production. And, although it’s unintentional, it can end in unanticipated bugs and the resulting flurry of pleas for rapid incident response. • Critical package updates are made at breakneck speeds to address a security vulnerability or incident and often ignore procedure in favor of speed. • When testing servers, a developer may make a manual configuration change to better document or track a bug, which could help define that issue, but if the configuration change isn’t changed back, it will cause drift. • Adding more resources to bolster server configuration can help systems cope with peak load times but are often unplanned or undocumented, eventually leading to configuration drift.
RASP • RASP is a technology that runs on a server and kicks in when an application runs. It's designed to detect attacks on an application in real time
Secret Management • Often credentials are store in config files • Leakage can result in abuse scenario • Secrets management allows you to tokenize the information
Infrastructure as code • Infrastructure as a code allows you to document & version control the infra • It also allows you to perform audit on the infrastructure • Docker / K8s infra relies on base images • Environment is as secure as the base images • Base images need to be minimal in nature & need to be assessed to identify inherited vulnerabilities
Cloud Native Security approach to security • Different Service Providers Approach Security Differently • All of them provide some of the ingredient In-house • Irrespective of cloud providers some tools will need to be sourced • Static code analysis tool • Dynamic Code Analysis Tool • Software Composition Analysis • Vulnerability Management Tool
Terrascan • Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code. Mitigate risks before provisioning cloud native infrastructure. Run locally or integrate with your CICD. • Documentation: https://docs.accurics.com/projects /accurics-terrascan • Discuss: https://community.accurics.com Features • 500+ Policies for security best practices • Scanning of Terraform (HCL2) • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3 • Support for AWS, Azure, GCP, Kubernetes and GitHub • Accurics Discord Server ! Join Community • https://discord.gg/G6EyMg4kCP
Introduction To Terrascan
Terrascan using docker • Use terrascan as container • $ docker run --rm --name terrascan -p 9010:9010 accurics/terrascan • curl -i -F "file=@main.tf" localhost:9010/v1/terraform/v14/aws/local/file /scan
terrascan for terraform • terrascan scan -t aws • terrascan scan –t aws | -d terraform-demo
Demo Time
Thank You!

Recommended

XCloudLabs- AWS Overview
XCloudLabs- AWS Overview XCloudLabs- AWS Overview
XCloudLabs- AWS Overview
sangam biradar
 
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
sangam biradar
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
sangam biradar
 
DockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, SaferDockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, Safer
Docker, Inc.
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
Running Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using KubernetesRunning Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using Kubernetes
Jorge Arteiro
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deck
Brian Christner
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
Docker, Inc.
 

Recommended

XCloudLabs- AWS Overview
XCloudLabs- AWS Overview XCloudLabs- AWS Overview
XCloudLabs- AWS Overview
sangam biradar
 
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
Rabncher Meetup India , Lightweight Kubernetes Development with K3s, k3os and...
sangam biradar
 
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam BiradarIntroducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradar
sangam biradar
 
DockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, SaferDockerCon SF 2015: Faster, Cheaper, Safer
DockerCon SF 2015: Faster, Cheaper, Safer
Docker, Inc.
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory EnterpriseSecuring your AWS Deployments with Spinnaker and Armory Enterprise
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
Running Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using KubernetesRunning Azure PaaS Anywhere using Kubernetes
Running Azure PaaS Anywhere using Kubernetes
Jorge Arteiro
 
56k.cloud intro and pitch deck
56k.cloud intro and pitch deck56k.cloud intro and pitch deck
56k.cloud intro and pitch deck
Brian Christner
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
Docker, Inc.
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDocker, Inc.
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
Docker, Inc.
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
Sqreen
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
aspyker
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster Secure
Gene Gotimer
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
Brian Christner
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glass
LibbySchulze1
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
Lacework
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
LibbySchulze
 
The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetes
Aaron Schlesinger
 
AKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroAKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge Arteiro
Jorge Arteiro
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Vietnam Open Infrastructure User Group
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
Docker, Inc.
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Source
aspyker
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19
marketingsyone
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
aspyker
 
End-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devEnd-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.dev
Konstantin Tarkus
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
LibbySchulze
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
LibbySchulze
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
Synergetics Learning and Cloud Consulting
 

More Related Content

What's hot

DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDocker, Inc.
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
Docker, Inc.
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
Sqreen
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
aspyker
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster Secure
Gene Gotimer
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
Brian Christner
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glass
LibbySchulze1
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
Lacework
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
LibbySchulze
 
The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetes
Aaron Schlesinger
 
AKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroAKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge Arteiro
Jorge Arteiro
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Vietnam Open Infrastructure User Group
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
Docker, Inc.
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Source
aspyker
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19
marketingsyone
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
aspyker
 
End-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devEnd-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.dev
Konstantin Tarkus
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
LibbySchulze
 

What's hot (20)

DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
 
DCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to MicroservicesDCEU 18: From Monolith to Microservices
DCEU 18: From Monolith to Microservices
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
 
Keeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster SecureKeeping your Kubernetes Cluster Secure
Keeping your Kubernetes Cluster Secure
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Docker Serverless
Docker ServerlessDocker Serverless
Docker Serverless
 
Kubescape single pane of glass
Kubescape single pane of glassKubescape single pane of glass
Kubescape single pane of glass
 
Practical Guide to Securing Kubernetes
Practical Guide to Securing KubernetesPractical Guide to Securing Kubernetes
Practical Guide to Securing Kubernetes
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
 
The elements of kubernetes
The elements of kubernetesThe elements of kubernetes
The elements of kubernetes
 
AKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge ArteiroAKS Azure Kubernetes Services Workshop Jorge Arteiro
AKS Azure Kubernetes Services Workshop Jorge Arteiro
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
 
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
Zero-downtime deployment with Kubernetes [Meetup #21 - 01]
 
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...
 
Netflix Cloud Platform and Open Source
Netflix Cloud Platform and Open SourceNetflix Cloud Platform and Open Source
Netflix Cloud Platform and Open Source
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19
 
Netflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source ProgramNetflix Open Source: Building a Distributed and Automated Open Source Program
Netflix Open Source: Building a Distributed and Automated Open Source Program
 
End-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.devEnd-to-end test automation with Endtest.dev
End-to-end test automation with Endtest.dev
 
Policy as code what helm developers need to know about security
Policy as code what helm developers need to know about securityPolicy as code what helm developers need to know about security
Policy as code what helm developers need to know about security
 

Similar to Terrascan - Cloud Native Security Tool

Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
LibbySchulze
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
Synergetics Learning and Cloud Consulting
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
Cisco DevNet
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Qualcomm Developer Network
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
Paulo Renato
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
Eklove Mohan
 
Devops architecture
Devops architectureDevops architecture
Devops architecture
Ojasvi Jagtap
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
DevOps.com
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
Brian Christner
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
QAware GmbH
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Josef Adersberger
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
Cisco DevNet
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
Nilesh Gule
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevOps Indonesia
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Why modern cloud infrastructure require automation
Why modern cloud infrastructure require automationWhy modern cloud infrastructure require automation
Why modern cloud infrastructure require automation
Gerald Crescione
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
 

Similar to Terrascan - Cloud Native Security Tool (20)

Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Devops architecture
Devops architectureDevops architecture
Devops architecture
 
Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?Are Your Containers as Secure as You Think?
Are Your Containers as Secure as You Think?
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
 
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Why modern cloud infrastructure require automation
Why modern cloud infrastructure require automationWhy modern cloud infrastructure require automation
Why modern cloud infrastructure require automation
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 

More from sangam biradar

Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
sangam biradar
 
Rustlabs Quick Start
Rustlabs Quick StartRustlabs Quick Start
Rustlabs Quick Start
sangam biradar
 
Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020 Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020
sangam biradar
 
Happy Helming With Okteto
Happy Helming With OktetoHappy Helming With Okteto
Happy Helming With Okteto
sangam biradar
 
5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)
sangam biradar
 
Docker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore MeetupDocker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore Meetup
sangam biradar
 
kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs
sangam biradar
 
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
sangam biradar
 
Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...
sangam biradar
 
Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs
sangam biradar
 
Cloud Native Okteto Cloud
Cloud Native Okteto Cloud Cloud Native Okteto Cloud
Cloud Native Okteto Cloud
sangam biradar
 
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
sangam biradar
 
welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?
sangam biradar
 
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
sangam biradar
 
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
sangam biradar
 
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam BiradarImplementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
sangam biradar
 
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, BangaloreDocker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
sangam biradar
 

More from sangam biradar (17)

Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin...
 
Rustlabs Quick Start
Rustlabs Quick StartRustlabs Quick Start
Rustlabs Quick Start
 
Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020 Okteto For Kubernetes Developer :- Container Camp 2020
Okteto For Kubernetes Developer :- Container Camp 2020
 
Happy Helming With Okteto
Happy Helming With OktetoHappy Helming With Okteto
Happy Helming With Okteto
 
5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)5 cool ways to get started with Cloud Native Development ( with Okteto)
5 cool ways to get started with Cloud Native Development ( with Okteto)
 
Docker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore MeetupDocker + Tenserflow + GOlang - Golang singapore Meetup
Docker + Tenserflow + GOlang - Golang singapore Meetup
 
kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs kikstart journey of Golang with Hello world - Gopherlabs
kikstart journey of Golang with Hello world - Gopherlabs
 
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
funcs, func expressions, closure, returning funcs, recursion, the stack -goph...
 
Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...Decision making - for loop , nested loop ,if-else statements , switch in goph...
Decision making - for loop , nested loop ,if-else statements , switch in goph...
 
Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs Types - slice, map, new, make, struct - Gopherlabs
Types - slice, map, new, make, struct - Gopherlabs
 
Cloud Native Okteto Cloud
Cloud Native Okteto Cloud Cloud Native Okteto Cloud
Cloud Native Okteto Cloud
 
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
Google ko: fast Kubernetes microservice development in Go - Sangam Biradar, E...
 
welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?welcome to gopherlabs - why go (golang)?
welcome to gopherlabs - why go (golang)?
 
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
 
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...
 
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam BiradarImplementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
Implementing Lightweight Kubernetes(K3s) on Raspberry Pi Stack - Sangam Biradar
 
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, BangaloreDocker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
Docker on IOT - Dockercon19 SFO Recap & Announcements, Bangalore
 

Recently uploaded

Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 

Recently uploaded (20)

Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 

Terrascan - Cloud Native Security Tool

  • 1. Introducing TerraScan – Cloud Native Security Tool Sangam Biradar Developer Advocate – APAC Accurics Docker Community Leader Okteto / Traefik Amabassdor https://discord.kubedaily.live
  • 2. How many vulnerability are reported ? Source:- https://nvd.nist.gov/vuln/search/statistics
  • 3. DevSecOps • Integrate security tools • Create security as code culture • Promote cross skills
  • 4. RUN CODE COMMIT BUILD DEPLOY Developer DevOps Writes application code Builds infrastructure Operates cloud SAST SCA CSPM Deploys cloud CLOUD SECURITY Securing DevOps workflows is today’s problem. SRE CLOUD COMPUTING Commits code CWPP
  • 5. Why we need DevSecOps ? Source Code Repository Staging/ CI/CD Server Developer Build Production QA Monitoring Suit of Security Test
  • 7.
  • 8. Threat Modeling • What are we building? • What can go wrong? • What are we going to do about that?
  • 9. SAST , SCA • Vulnerabilities Detection • Requires Source Code Access • Remediation • SDLC Integration • False Positives • Timeframe • Risk Coverage • SCA (Software Composition Analysis) • SAST (Static Application Security Testing)
  • 10. DAST , SCA • Dynamic Analysis and Security Testing (DAST) • Dynamic application security testing (DAST) is a type of black-box security testing in which tests are performed by attacking an application from the outside. • Pros • #1 Technology independent • #2 Low false positives • #3 Identifies configuration issues • Cons • #1 Not highly scalable • #2 No code visibility • #3 Slow scans
  • 11. IAST • IAST typically is implemented by deploying agents and sensors in the application post build. The agent observes the application’s operation and analyzes traffic flow to identify security vulnerabilities. It does this by mapping external signatures or patterns to source code, which allows it to identify more complex vulnerabilities. • IAST test results are usually reported in real time via a web browser, dashboard, or customized report without adding extra time to the CI/CD pipeline. IAST results can also be combined with other issues tracking tools. Pros • #1 Low Number of False Positives • #2 Instant Feedback • #3 Highly Scalable Cons • #1 Limited Language Coverage • #2 Requires a Mature Test Environment • #3 Not Widely Adopted
  • 12. Configuration Drift • configuration drift occurs whenever someone makes a change to the production environment without recording those changes and without ensuring complete parity between staging and production. And, although it’s unintentional, it can end in unanticipated bugs and the resulting flurry of pleas for rapid incident response. • Critical package updates are made at breakneck speeds to address a security vulnerability or incident and often ignore procedure in favor of speed. • When testing servers, a developer may make a manual configuration change to better document or track a bug, which could help define that issue, but if the configuration change isn’t changed back, it will cause drift. • Adding more resources to bolster server configuration can help systems cope with peak load times but are often unplanned or undocumented, eventually leading to configuration drift.
  • 13. RASP • RASP is a technology that runs on a server and kicks in when an application runs. It's designed to detect attacks on an application in real time
  • 14. Secret Management • Often credentials are store in config files • Leakage can result in abuse scenario • Secrets management allows you to tokenize the information
  • 15. Infrastructure as code • Infrastructure as a code allows you to document & version control the infra • It also allows you to perform audit on the infrastructure • Docker / K8s infra relies on base images • Environment is as secure as the base images • Base images need to be minimal in nature & need to be assessed to identify inherited vulnerabilities
  • 16. Cloud Native Security approach to security • Different Service Providers Approach Security Differently • All of them provide some of the ingredient In-house • Irrespective of cloud providers some tools will need to be sourced • Static code analysis tool • Dynamic Code Analysis Tool • Software Composition Analysis • Vulnerability Management Tool
  • 17. Terrascan • Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code. Mitigate risks before provisioning cloud native infrastructure. Run locally or integrate with your CICD. • Documentation: https://docs.accurics.com/projects /accurics-terrascan • Discuss: https://community.accurics.com Features • 500+ Policies for security best practices • Scanning of Terraform (HCL2) • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3 • Support for AWS, Azure, GCP, Kubernetes and GitHub • Accurics Discord Server ! Join Community • https://discord.gg/G6EyMg4kCP
  • 19. Terrascan using docker • Use terrascan as container • $ docker run --rm --name terrascan -p 9010:9010 accurics/terrascan • curl -i -F "file=@main.tf" localhost:9010/v1/terraform/v14/aws/local/file /scan
  • 20. terrascan for terraform • terrascan scan -t aws • terrascan scan –t aws | -d terraform-demo