Download to read offline
![© IBM Corporation / Confidential
2
IBM Cloud
Introduction [2015]: Operational Visibility + Image-centric Security Analytics
2 Seamless Operational Visibility and Analytics | 2016
Annotators
(Vuln, Compl, Passwd,
Config, SW, Notif,…)
Data Pipeline Index (Data)
ImgCrawlers
OpAnalytics Data Pipeline
Docker Hosts
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Docker Hosts
App
VM
App
VM
App
VM
App
VM
Compute
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Logging,
Monitoring,
Alerting
Metrics + state
Logs + events
Static state Vulnerability
Advisor
Container
Image
Registry](https://image.slidesharecdn.com/20180508vadevsecopsintegration-180516174145/85/Vulnerability-Advisor-DevSecOps-Integration-2-320.jpg)
![© IBM Corporation / Confidential
3
IBM Cloud
Vulnerability
Advisor
Convergence [2016]: Image & Runtime + Data + Analytics (Depth & Breadth)
3 Seamless Operational Visibility and Analytics | 2016
Annotators
(Vuln, Compl, Passwd,
Config, SW, Notif,…)
Data Pipeline Index (Data)
ImgCrawlers
OpAnalytics Data Pipeline
Docker Hosts
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Docker Hosts
App
VM
App
VM
App
VM
App
VM
Compute
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Logging,
Monitoring,
Alerting
Metrics + state
Logs + events
Static state Vulnerability
Advisor
Container
Image
Registry
Live state
Additional
Image
Repos
* All services for security, compliance and beyond
work from the same data & pipeline.](https://image.slidesharecdn.com/20180508vadevsecopsintegration-180516174145/85/Vulnerability-Advisor-DevSecOps-Integration-3-320.jpg)
![© IBM Corporation / Confidential
4
IBM Cloud
Dev[Sec]Ops Integration
“Leverage VA Analytics in DevOps Cycle (now)”
“Leverage Information Across DevOps Pipeline for Analytics (next)”](https://image.slidesharecdn.com/20180508vadevsecopsintegration-180516174145/85/Vulnerability-Advisor-DevSecOps-Integration-4-320.jpg)
Uploaded byCanturk Isci
Vulnerability Advisor: DevSecOps Integration
This document discusses integrating IBM's Vulnerability Advisor tool into the development pipeline to enable DevSecOps. It describes how Vulnerability Advisor analyzes container images at different stages of the pipeline to check for vulnerabilities and non-compliance. This includes analyzing images built from code in the pipeline service and presenting results within the pipeline stage for developers to address before deployment. It also covers integrating Vulnerability Advisor into IBM's DevOps toolchains and pipeline to automate security checks within the development workflow.
More Related Content
Similar to Vulnerability Advisor: DevSecOps Integration
Vulnerability Advisor: DevSecOps Integration
- 1. © IBM Corporation/ Confidential 1 IBM Cloud Presented by: Vulnerability Advisor: DevSecOps Integration Canturk Isci
- 2. © IBM Corporation/ Confidential 2 IBM Cloud Introduction [2015]: Operational Visibility + Image-centric Security Analytics 2 Seamless Operational Visibility and Analytics | 2016 Annotators (Vuln, Compl, Passwd, Config, SW, Notif,…) Data Pipeline Index (Data) ImgCrawlers OpAnalytics Data Pipeline Docker Hosts App Cont. App Cont. App Cont. App Cont. Docker Hosts App VM App VM App VM App VM Compute App Cont. App Cont. App Cont. App Cont. Logging, Monitoring, Alerting Metrics + state Logs + events Static state Vulnerability Advisor Container Image Registry
- 3. © IBM Corporation/ Confidential 3 IBM Cloud Vulnerability Advisor Convergence [2016]: Image & Runtime + Data + Analytics (Depth & Breadth) 3 Seamless Operational Visibility and Analytics | 2016 Annotators (Vuln, Compl, Passwd, Config, SW, Notif,…) Data Pipeline Index (Data) ImgCrawlers OpAnalytics Data Pipeline Docker Hosts App Cont. App Cont. App Cont. App Cont. Docker Hosts App VM App VM App VM App VM Compute App Cont. App Cont. App Cont. App Cont. Logging, Monitoring, Alerting Metrics + state Logs + events Static state Vulnerability Advisor Container Image Registry Live state Additional Image Repos * All services for security, compliance and beyond work from the same data & pipeline.
- 4. © IBM Corporation/ Confidential 4 IBM Cloud Dev[Sec]Ops Integration “Leverage VA Analytics in DevOps Cycle (now)” “Leverage Information Across DevOps Pipeline for Analytics (next)”
- 5. © IBM Corporation/ Confidential 5 IBM Cloud Integration w Pipeline Svc Image Registry IMG IMG IMG IMG IMG IMG Pipeline Service VA x86 Images • History: Joint VA API Design (as VA was born) • VA Run on all images pushed to Registry • VA validation available in IDS as “Pipeline Test Stage”
- 6. © IBM Corporation/ Confidential 6 IBM Cloud Integration w Pipeline Svc / IDSv1 & IDSv2: Test Stage • Requires an IBM Bluemix Containers Service “Build Stage” as the input • Queries VA for vulnerability and compliance results for the built image • Timeout after N mins ¯_(ツ)_/¯
- 7. © IBM Corporation/ Confidential 7 IBM Cloud Integration w Pipeline Svc / IDSv1 & IDSv2: VA Stage Results
- 8. © IBM Corporation/ Confidential 8 IBM Cloud Integration w Pipeline Svc / IDSv1 & IDSv2: VA Stage Results ● Results displayed in stage log ● Link to VA for deep dive info ● Supports Slack/HipChat integration ● Stage will fail IF: ● Vulnerabilities discovered ● IF VA query does not return on time ● Can rerun stage to retry/renew results
- 9. © IBM Corporation/ Confidential 9 IBM Cloud Integration w DevOps ToolChain & IDSv2: Secure Container Toolchain
- 10. © IBM Corporation/ Confidential 10 IBM Cloud Integration w DevOps ToolChain & IDSv2: Toolchain Details (from template)
- 11. © IBM Corporation/ Confidential 11 IBM Cloud Integration w DevOps ToolChain & IDSv2: Code from GitHub
- 12. © IBM Corporation/ Confidential 12 IBM Cloud Integration w DevOps ToolChain & IDSv2: Web IDE
- 13. © IBM Corporation/ Confidential 13 IBM Cloud Integration w DevOps ToolChain & IDSv2: Delivery Pipeline
- 14. © IBM Corporation/ Confidential 14 IBM Cloud Integration w DevOps ToolChain & IDSv2: Validate Stage Results (1/3)
- 15. © IBM Corporation/ Confidential 15 IBM Cloud Integration w DevOps ToolChain & IDSv2: Validate Stage Results (2/3)
- 16. © IBM Corporation/ Confidential 16 IBM Cloud Integration w DevOps ToolChain & IDSv2: Validate Stage Results (3/3)
Editor's Notes
- #6 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #7 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #8 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #9 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #10 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #11 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #12 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #13 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #14 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #15 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #16 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops
- #17 Outlier Analysis, SW Discovery, ML, TS, Dev(Sec)Ops