Overview
Explore the challenges and opportunities of integrating security into containerized environments in this 46-minute conference talk. Learn why containers disrupt traditional security approaches and how to address security concerns effectively. Discover strategies for fostering collaboration between DevOps and security teams, leveraging automation to enhance security practices, and implementing better security through containerization. Gain insights on communicating with security professionals, understanding their needs, and embracing the potential for improved security in containerized applications. Delve into topics such as reducing image bloat, establishing trustworthy images, and implementing efficient scanning processes. Acquire practical knowledge to successfully navigate the intersection of DevSecOps and container technology.
Syllabus
Intro
Why do we care
Business
Low Risk Code
DevOps
Security vs DevOps
DevOps is hard
DevOps is a mess
Security on the outside
A promise
Base images
Reduce bloat
No more patching
Pipeline
Image
Trustworthy images
Automation vs human
What Security People Want
Communication
Counterintuitive
Tolerance for change
Super tight DevOps
Code host operations in cybersecurity
Scan the images
Containers can be replaced
Taught by
Linux Foundation