Thinking Inside the Box Effective DevSecOps for Containers

Containers can be a powerful DevOps tool to greatly improve the consistency and scalability of your environment. But how do we establish visibility and security in our containers without excessive overhead? We’ll start with an overview of the security challenges posed by containers, and how those can be magnified if we aren’t doing DevOps right. Next, we’ll go over DevSecOps best practices for harnessing the power of containers - starting with the image itself. We’ll look at how “shifting security left” applies specifically to containers, from the container pipeline itself, to secrets management and protecting your container registry itself. Lastly, we’ll conclude with a simple framework that will help your teams assess your DevSecOps maturity in relation to containers and identify action steps going forward. SANS CloudSecNext Summit 2024 Thinking Inside the Box: Effective DevSecOps for Containers Speaker: Christopher Pope, DevSecOps Manager, ExxonMobil View upcoming Summits: http://www.sans.org/u/DuS SANS Cloud Security Curriculum: www.sans.org/cloud-security GIAC Cloud Security Certifications: https://www.giac.org/focus-areas/cloud-security/ LinkedIn: https://www.linkedin.com/showcase/sanscloudsec/ Discord: www.sansurl.com/cloud-discord Twitter: @SANSCloudSec