Learn about IaC scanning tools in a Terraform configuration and see a demo example of a DevSecOps pipeline with security baked in at each step.
With remote work taking off and more employees utilizing apps in the cloud, DevSecOps needs to be part of every organization’s strategy in 2021. DevSecOps requires cybersecurity teams to collaborate with DevOps to stay multiple steps ahead of adversaries. The year 2020 proved that increasing an organization’s agility requires operationalizing security through DevSecOps pipelines supporting multi-cloud.
Is it possible for DevOps and security practitioners to collaborate and build DevSecOps pipelines?
In this session, Mike Fraser will cover the current challenges faced by DevOps when integrating security tools to create DevSecOps pipelines. He will demonstrate how cybersecurity can shift left with DevOps, starting with how DevSecOps pipelines can be used to scan multi-cloud infrastructure first with IaC scanning tools like Bridgecrew’s Checkov and Accurics Terrascan.
Once those checks pass, the CIS-CAT assessor, which was never built to be used in CI/CD, can run a CIS Benchmark assessment against the completed infrastructure. The scan is driven by a HashiCorp Terraform configuration that uses HashiCorp Vault to pull the credentials CIS-CAT needs to authenticate and run the assessment. Finally, he will demonstrate how remediation can be added to create an end-to-end DevSecOps pipeline.
Speaker: Mike Fraser