Securing Infrastructure In Application Pipelines
May 21, 2020
Learn how to use policy as code in Terraform Cloud to securely deliver applications.
- Kevin CochranSr. Solutions Engineer, HashiCorp
Security teams are front and center these days with everything IT. While it may seem to slow down certain processes, I really wouldn’t want it any other way. Many of us have been a victim of a data breach at some point. And that’s why our security teams have a vested interest in making sure applications are safe prior to delivery — a function previously fully owned by the developers.
CI/CD pipelines have solved a number of challenges for us, and with heavy focus on reducing risk, security teams today often own at least a portion of the CI/CD pipeline — ensuring vulnerability scans occur for both code and its runtime.
With all these great advancements in automation, why is it that we still can’t fully automate end-to-end?
Provisioning: it seems to be a common roadblock. It’s not that we don’t have the ability. It’s that we need to guarantee infrastructure is provisioned in such a way that it doesn’t introduce risk.
What You'll Learn
Terraform and Sentinel policy as code are key pieces in automating your software delivery end-to-end. This webinar demo will show you how to manage an entire CI/CD pipeline using the popular CI engine, Jenkins, and the HashiCorp Terraform API. In addition to viewing the demo, you should read the companion piece on the solutions engineering Medium blog that goes with this webinar.
0:00 — The evolution of security in the software delivery pipeline
9:54 — Terraform Cloud and policy enforcement
15:09 — Demo: Building a secure CI/CD pipeline with Terraform Cloud and Sentinel in Jenkins
29:09 — Q&A
- Does Sentinel have the ability to perform any sort of static analysis of the configuration? Or do you only have the option to enforce at plan/apply time?
- Can you update the Sentinel policies via API? Yes
- How does the workflow differ between self-hosted Terraform Enterprise and Terraform Cloud?
- Is it possible to write Sentinel policies that only apply to specific team members and not others?
- When one workspace has a dependency on another, does Terraform automatically update the workspace that has the dependency?