Explore the Department of Defense's automated container hardening pipeline in this 27-minute conference talk. Learn how the DoD's Platform One security group maintains the Iron Bank, a centralized hardened container registry meeting strict safety and security requirements. Discover how automated processes have reduced container vulnerability counts by up to 95%, averaging 70% across the board, while maintaining full functionality and exceeding Iron Bank security specifications. Gain insights into the methodologies used for instrumenting, hardening, testing, and optimizing containers, including vulnerability scanning, testing, reduction, and automation techniques. Understand how open-source technologies are employed in this DevSecOps initiative to significantly reduce container footprints and software packages while enhancing security.
Automating the DoD Container Hardening Pipeline
Overview
Syllabus
Automating the DoD Container Hardening Pipeline - Russ Andersson, RapidFort
Taught by
Linux Foundation
Tags
Related Courses
-
Hardening Next Generation Military Software Containers for DoD Software Factories
-
Securing the Container Pipeline at Salesforce - Docker Use Case
-
Container Security for Developers - Best Practices and Exploit Prevention
-
Upgrade Images by Digging Out and Automatically Fixing Vulnerabilities
-
Container Patching: Making It Less Gross Than the Seattle Gum Wall
-
The Certified Kubernetes Security Specialist: What to Know and How to Pass
