First Steps to Full Lifecycle Security with Open Source Tools

A key element of successfully integrating security into the DevOps lifecycle is embedding it right from the start. Helping developers and operators build security controls in from day-one with easy to use open source tooling can make that a reality. This workshop will take a hands-on approach to demonstrate how to install, configure and customize open source security tools to be used throughout the DevOps process. The workshop will focus on a couple of core tools. Firstly understanding how Trivy can be used to help secure container images, Dockerfiles, Kubernetes manifests and IaC code such as Terraform. Then the workshop will move on to operationalizing security controls using the Trivy Operator, providing continuous security assurance of workloads and Kubernetes clusters.

 

Anaïs Urlichs

Anaïs Urlichs

@urlichsanais
Open Source Developer Advocate

Anaïs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube Channel centered around cloud native technologies. Before joining Aqua, Anais worked as SRE at Civo, a cloud native service provider, where she worked on infrastructure for hundreds of tenant clusters. As CNCF ambassador, her passion lies in making tools and platforms more accessible to developers and community members.

What the attendees will learn

Security Scanning of developer resources and running Kubernetes workloads.

Requirements

- Laptop with Internet Access

- Ability to run a local Kubernetes cluster

        - KinD

        - minikube

        - microk8s

        - ...

- Ability to download and run binaries in: Linux, MacOS

- Curiosity

Companies that use this technology

- Azure defender for CI/CD

- GitLab

- Giantswarm

- Alibaba Cloud

- Rancher

Workshop Plan

- Introduction to Security Scanning

- Security Scanning of Container Images, Git Repositories, Configuration files; this includes the scanning for vulnerabilities, misconfiguration and exposed secrets

- A short introduction to Kubernetes-based operators

- Security scanning at runtime of Kubernetes-based workloads through the Trivy CLI and the Trivy Operator

First Steps to Full Lifecycle Security with Open Source Tools

Date and time:

10th.

09:00 - 11:00

Topics:

Cloud Security, Container Security, Kubernetes Cluster Security, Security Scanning

Target audience roles:

Anyone who has some experience, either as a developer and/or as a Kubernetes cluster admin

Attendees:

25

Included:

Self-Service Coffee
(This workshop is free for general ticket holders until the end of stock)