Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Unpacking Open Source Security in Public Repositories and Registries

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the security landscape of open source projects and public registries in this 34-minute conference talk by Ben Hirschberg from ARMO. Dive into groundbreaking research that scans popular open source projects like Grafana, Prometheus, Lens, Helm, and ArgoCD, as well as public registries such as DockerHub, Quay, GCR, and ECR. Discover how these widely-used resources measure up against common compliance frameworks including CIS, MITRE ATT&CK®, NIST, and NSA-CISA. Gain insights into prevalent misconfigurations, the impact of well-known CVEs (exemplified through Log4J), and critical red flags to watch out for when utilizing public resources. Conclude with a comprehensive risk analysis and scoring of these resources, highlighting key security concerns and providing best practices to safeguard your systems and operations in the ever-evolving container ecosystem.

Syllabus

Unpacking Open Source Security in Public Repos & Registries - Ben Hirschberg, ARMO

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Unpacking Open Source Security in Public Repositories and Registries

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.