Using static analysis to find configuration vulnerabilities #docker #dockerfile #devops

Containers and Infrastructure as Code (IaC) have changed the way companies build and deploy their applications. Gone are the days of manually provisioning and personally managing hardware. However, that doesn't mean these technologies can't pose security risks to your business. If you're not careful, misconfigurations can lead to exposed secrets, data leaks, unauthorized access, or DDoS attacks. It's important to get your configurations right the first time to minimize the risk of these problems.

In this talk, we'll cover the importance of "shifting left" and trying to find vulnerabilities early in the SDLC. We'll look at Dockerfiles and how you can inadvertently introduce bad practices and security vulnerabilities into your configurations. We'll explain what static analysis and software composition analysis are and how they help you secure your code and dependencies. We'll show you how to set up static analysis in your IDE to scan your Dockerfiles for issues, get suggestions on how to fix those issues, and how to block critical issues using gating mechanisms.

Presentation: Securing the Software Supply Chain: Using Static Analysis to Detect Configuration Vulnerabilities
Speaker: Borja Burgos, Director of Product Management, Datadog

Resources:
Software supply chain, simplified – https://www.docker.com/products/docker-scout/
Getting started with Docker – https://www.docker.com/get-started/
What are containers? – https://www.docker.com/resources/what-container/
Try Docker Desktop – https://www.docker.com/products/docker-desktop/
Docker 101 tutorial – https://www.docker.com/101-tutorial/
