DevSecOps in the Age of Containers

[presentation]
by
Curtis Yanko
Agile + DevOps East 2018
Share URL
 
Summary: 

As IT shops look to move their workloads into containers and the cloud, their initial concerns often center around the security implications. Containers do force us to change how we think about securing our application, but they also offer exciting new opportunities. Curtis Yanko will explore the security concerns that come along with containers and take a deep dive into container composability and how modern tooling makes it possible to automate security and compliance concerns across the entire application stack. Curtis will share a project via GitHub that has a reference Jenkins pipeline demonstrating how to automate security and compliance at build time. You will take home ideas for minimizing attack surface, avoiding known bad libraries and frameworks, validating your configuration, and using machine learning to model application behavior.

File: 
Download PDF
Tags: 
security
About the Presenter

Curtis Yanko is director of strategy at Sonatype and a DevSecOps coach and evangelist. Prior to coming to Sonatype, Curtis started the DevOps Center of Enablement at a Fortune 100 insurance company and chaired an Open Source Governance Committee. When he isn’t working with customers and partners on how to accelerate delivery by building security and governance into CI/CD pipelines, he can be found raising service dogs or out playing ultimate frisbee during his lunch hour. Curtis is currently working on building strategic technical partnerships to help solve for the DevSecOps tool chain.

Upcoming Events

Apr 27 STAREAST
Software Testing Conference in Orlando & Online
Jun 08 AI Con USA
An Intelligence-Driven Future
Sep 21 STARWEST
Software Testing Conference in Anaheim & Online