DevSecOps in the Age of Containers
As IT shops look to move their workloads into containers and the cloud, their initial concerns often center around the security implications. Containers do force us to change how we think about securing our application, but they also offer exciting new opportunities. Curtis Yanko will explore the security concerns that come along with containers and take a deep dive into container composability and how modern tooling makes it possible to automate security and compliance concerns across the entire application stack. Curtis will share a project via GitHub that has a reference Jenkins pipeline demonstrating how to automate security and compliance at build time. You will take home ideas for minimizing attack surface, avoiding known bad libraries and frameworks, validating your configuration, and using machine learning to model application behavior.
Curtis Yanko is director of strategy at Sonatype and a DevSecOps coach and evangelist. Prior to coming to Sonatype, Curtis started the DevOps Center of Enablement at a Fortune 100 insurance company and chaired an Open Source Governance Committee. When he isn’t working with customers and partners on how to accelerate delivery by building security and governance into CI/CD pipelines, he can be found raising service dogs or out playing ultimate frisbee during his lunch hour. Curtis is currently working on building strategic technical partnerships to help solve for the DevSecOps tool chain.