00:00 Introduction to Cloud Security Tools
01:34 The 3 Layers of Application Security
02:13 Securing Cloud Resources with Prowler
02:27 Docker Image Hygiene with Dockle
03:17 Dependency DNA and Supply Chain Security
05:07 What is the CIS Benchmark?
06:29 Finding Root Privileges in Containers
07:05 Generating Software Bill of Materials (SBOM)
07:54 Vulnerability Scanning with Grype
08:22 Image Signing with Cosign
09:55 How Prowler Scans AWS Accounts
13:38 Running Prowler in CI/CD Pipelines
15:46 Dockle vs Trivy Explained
19:03 Real World: The Log4j Vulnerability
20:38 Finding Hidden Transitive Dependencies
22:19 End-to-End Security Toolchain Summary
24:34 Generating CycloneDX SBOM with Syft
25:35 CI/CD Gating and Report Generation
26:47 Conclusion and Next Steps
DevSecOps From First Principles in AWS #23 | Securing Cloud Resources, Containers & Dependencies | NatokHD