Using Static Analysis to Catch Configuration Vulnerabilities #docker #dockerfile #devops
Containers and Infrastructure as Code (IaC) have changed the way organizations build and deploy their applications. Gone are the days when hardware had to be manually provisioned and managed in person. However, this doesn’t mean that these technologies can’t present security risks to your organization. If you’re not careful, misconfigurations can lead to exposed secrets, data leaks, unauthorized access, or DDoS attacks. It is important to get your configurations right the first time to minimize the risk of these issues. In this talk, we cover the importance of shifting left and finding vulnerabilities early in the SDLC. We look at Dockerfiles and how you can accidentally introduce poor practices and security vulnerabilities into your configurations. We explain what Static Analysis and Software Composition Analysis are and how they help you secure your code and dependencies. We show how to set up static analysis in your IDE to scan your Dockerfiles for issues, how to get suggested fixes for resolving them, and how to block critical issues using gating mechanisms.
Presentation: Securing the Software Supply Chain: Using Static Analysis to Catch Configuration Vulnerabilities
Speaker: Borja Burgos, Director of Product Management, DataDog
Resources:
Software supply chain, simplified - https://www.docker.com/products/docker-scout/
Get started with Docker - https://www.docker.com/get-started/
What are containers? https://www.docker.com/resources/what-container/
Try Docker Desktop https://www.docker.com/products/docker-desktop/
Docker 101 Tutorial https://www.docker.com/101-tutorial/
Join the conversation!
LinkedIn → https://dockr.ly/LinkedIn
Twitter → https://dockr.ly/Twitter
Facebook → https://dockr.ly/Facebook
Instagram → https://dockr.ly/Instagram
ABOUT DOCKER: Docker provides a suite of development tools, services, trusted content, and automations, used individually or together, to accelerate the delivery of secure applications.
#docker #devops #softwaresupplychain #shorts
Video "Using Static Analysis to Catch Configuration Vulnerabilities #docker #dockerfile #devops" from the Docker channel
Tags: Docker, devops, app development, software engineering, Learn docker, docker images, docker container, what is docker, docker compose, docker tutorial, dockerfile, docker desktop, software supply chain, cybersecurity, secure your software supply chain, software supply chain security, software supply chain, devops, cyber security, configuration vulnerability, vulnerability scanning, vulnerability scanner, static analysis, static code analysis, dockercon 2023, Borja Burgos, datadog
Video information
December 20, 2023, 5:30:08
00:00:13