Tripwire for DevOps continues to add new features and capabilities. The newest of these is the ability to perform vulnerability scans against Amazon Machine Images (AMIs) in the same Tripwire for DevOps workflow used for your Docker containers. This blog will discuss the creation of AMIs and how to audit them for vulnerabilities within Tripwire for DevOps.
Although many organizations are shifting security to the left and embracing the integration of security tools into their continuous integration / continuous delivery pipelines, there are others who have different wants and needs.
DevOps is redefining the way organizations handle software development. But it’s also challenging security professionals in their efforts to manage digital risk. With that said, there are security teams need to be strategic about how they approach DevOps security. Here are some expert recommendations on what to do and what to avoid when implementing security in the DevOps lifecycle.
Container security is not a unitary action but a multifaceted process. It involves securing the build environment using secure code control and other strategies. The procedure also necessitates securing containers’ contents via code analysis and unit tests.
In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I’ve also been spending time working with my amazing colleagues here at Tripwire on a really cool new offering for DevOps pipelines – Tripwire for DevOps (learn more here). Spending so much time going back and forth from “back to basics” and “the future of development” had me thinking that securing DevOps is really Back to the Future.
It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important.
Organizations face numerous primary threats and security concerns when it comes to their container environments. Those issues extend into their build environment, an area which organizations need to protect because it’s usually the least secure aspect of their container infrastructure. They also extend into other areas, including inside the containers themselves.
Organizations can reap huge rewards by switching to a DevOps software development model. Some enterprises don’t know how to make the change. Recognizing that fact, I’ve spent the past few weeks discussing the benefits of a DevOps model, outlining how organizations can plan their transition, identifying common problems that companies commonly encounter and enumerating steps for a successful conversion. Of course, organizations aren’t finished once they’ve fully embraced DevOps.
