DevSecOps In The Age Of Containers

By Curtis Yanko

Talk Abstract

This talk is about how modern tools and processes deliver on the promise of DevSecOps by exploring the impact of containers on the SDLC.

Talk Description

As IT shops look to move their workloads into containers and the cloud, their initial concerns center around the security implications. Containers do force us to change how we think about securing our applications, but they also offer us exciting new opportunities. In this talk, join Curtis Yanko as he explores the new security concerns that come along with containers. He'll dive more deeply into how container composability and modern tooling make it possible to automate security and compliance concerns across the whole application stack. Curtis will share a project via GitHub that has a reference Jenkins pipeline demonstrating how to automate security and compliance at build time. Key takeaways will be: minimize attack surface, avoid known bad libraries and frameworks, validate the configuration, and use machine learning to model app behavior.

Participants will take away:

- An understanding of attack vectors in container-based environments
- How containers create a converged supply chain to manage those risks
- What ecosystem of tools can be used in CI/CD processes to identify and mitigate security issues
- GitHub projects they can fork and use

Notes

GitHub and modern CI and security tooling are profoundly changing how we build and release applications at ever-increasing velocities without compromising quality or security. This talk will include a live demo and a GitHub project for the audience to try on their own.