SlideShare a Scribd company logo

Securing Your Deployment Pipeline With Docker

Container Solutions, profile picture
Container Solutions

The document discusses securing the software deployment pipeline. It describes the evolution from separate development and operations teams to integrated DevOps practices using continuous delivery. Continuous delivery allows for faster reaction times to issues like security vulnerabilities, which typically take over 100 days to fix. The document advocates for implementing security practices like static code analysis, vulnerability scanning, and end-to-end security testing at each stage of the software delivery pipeline to find and fix issues early. It notes challenges in current tools being numerous, complex to configure and install. Containerizing these tools is presented as a solution to standardize and simplify their use in the pipeline.

Technology
1 of 40
Downloaded 45 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Securing your Deployment Pipeline Strategy & Tech Talk - April 19, 2016 Maximilian Schöfmann | @schoefmann Container Solutions Switzerland
www.container-solutions.com | info@container-solutions.com B.C. (Before Continuous Integration)
www.container-solutions.com | info@container-solutions.com B.C. (Before Continuous Integration) homo abap-cobolus integrating software modules, ca. 200000 B.C
www.container-solutions.com | info@container-solutions.com A.D. - but Pre-DevOps (CI only)
www.container-solutions.com | info@container-solutions.com DevOps (present time)
www.container-solutions.com | info@container-solutions.com DevOps + Continuous Delivery + PaaS
www.container-solutions.com | info@container-solutions.com … and Security
www.container-solutions.com | info@container-solutions.com Avg: 103 days to fix a vulnerability http://darkmatters.norsecorp.com/2015/06/09/security-vulnerabilities-take-average-of-103-days-to-remediate/
www.container-solutions.com | info@container-solutions.com CD improves reaction time!
www.container-solutions.com | info@container-solutions.com So we need to:
www.container-solutions.com | info@container-solutions.com …with better tooling!
www.container-solutions.com | info@container-solutions.com Stages of a delivery pipeline Commit Integration Acceptance Release
www.container-solutions.com | info@container-solutions.com Stages of a delivery pipeline Commit Integration Acceptance Release unit tests
www.container-solutions.com | info@container-solutions.com Stages of a delivery pipeline Commit Integration Acceptance Release unit tests service tests
www.container-solutions.com | info@container-solutions.com Stages of a delivery pipeline Commit Integration Acceptance Release unit tests service tests UI tests
www.container-solutions.com | info@container-solutions.com Stages of a delivery pipeline Commit Integration Acceptance Release unit tests service tests UI tests (exploratory tests)
www.container-solutions.com | info@container-solutions.com Test pyramid Unit Tests Service Tests UI tests fasterfeedback confidence coverage
www.container-solutions.com | info@container-solutions.com “AppSec Pipeline” Commit Integration Acceptance Release unit tests service tests UI tests (exploratory tests)
www.container-solutions.com | info@container-solutions.com “AppSec Pipeline” Commit Integration Acceptance Release unit tests service tests UI tests (exploratory tests) static code
 analysis
www.container-solutions.com | info@container-solutions.com “AppSec Pipeline” Commit Integration Acceptance Release unit tests service tests UI tests (exploratory tests) static code
 analysis vulnerability scanning
www.container-solutions.com | info@container-solutions.com “AppSec Pipeline” Commit Integration Acceptance Release unit tests service tests UI tests (exploratory tests) static code
 analysis vulnerability scanning end-to-end security tests
www.container-solutions.com | info@container-solutions.com “AppSec Pipeline” Commit Integration Acceptance Release unit tests service tests UI tests (exploratory tests) static code
 analysis vulnerability scanning end-to-end security tests (penetration tests)
www.container-solutions.com | info@container-solutions.com AppSec pyramid? static code analysis vulnerability scanning E2E security tests fasterfeedback confidence coverage
www.container-solutions.com | info@container-solutions.com Challenge: False Positives • maintain exception/fine tuning config for scanner • run with sensitive heuristics nightly, then update config • or branch to manual stage to check false positives
www.container-solutions.com | info@container-solutions.com Static analysis • SonarQube (multiple languages) • Brakeman (Ruby/Rails) • OWASP WAP (PHP) • FindBugs (Java) • FlawFinder (C/C++) • … (many commercial, e.g. CHECKMARX)
www.container-solutions.com | info@container-solutions.com Vulnerability scanners (many commercial) • OWASP Zed Attack Proxy (ZAP) • Burp suite • Acunetix • Nessus, OpenVAS • Nikto • w3af • … (lots and lots more)
www.container-solutions.com | info@container-solutions.com End to end security tests • Standard tools like Selenium work well • BDD-Security if you fancy text or want to integrate PO friendly E2E tests with vulnerability scans continuumsecurity.net/bdd-intro.html
www.container-solutions.com | info@container-solutions.com more… owasp.org/index.php/Appendix_A:_Testing_Tools
www.container-solutions.com | info@container-solutions.com But… • Too many! • Too different! • Too complex! • Stuff to install (lots!) • Stuff to configure…
www.container-solutions.com | info@container-solutions.com But… • Too many! • Too different! • Too complex! • Stuff to install (lots!) • Stuff to configure…
www.container-solutions.com | info@container-solutions.com And what about…
www.container-solutions.com | info@container-solutions.com If we just had a way to package those tools uniformly…
www.container-solutions.com | info@container-solutions.com If we just had a way to package those tools uniformly…
www.container-solutions.com | info@container-solutions.com Demo: Static analysis
www.container-solutions.com | info@container-solutions.com If we just had an easy way to connect scanners to apps…
www.container-solutions.com | info@container-solutions.com If we just had an easy way to connect scanners to apps…
www.container-solutions.com | info@container-solutions.com Demo: Vulnerability scanners
www.container-solutions.com | info@container-solutions.com If there was just a way to scale those tests…
www.container-solutions.com | info@container-solutions.com If there was just a way to scale those tests…
maximilian.schoefmann@container-solutions.com | @schoefmann
 
 container-solutions.com

More Related Content

PDF
Introduction to Docker by Adrian Mouat
Container Solutions
 
PDF
MesosCon 2016 - minimesos, the experimentation and testing tool for Apache Mesos
Container Solutions
 
PDF
Load Balancing for Containers and Cloud Native Architecture
Chiradeep Vittal
 
PDF
Load Balancing for Containers and Cloud Native Architecture
Chiradeep Vittal
 
PDF
Microservices: State of the Union
C4Media
 
PPT
Messaging For the Cloud and Microservices
Rob Davies
 
PDF
A curtain-raiser to the container world Docker & Kubernetes
zekeLabs Technologies
 
PPTX
Serverless and cloud computing
zekeLabs Technologies
 
Introduction to Docker by Adrian Mouat
Container Solutions
 
MesosCon 2016 - minimesos, the experimentation and testing tool for Apache Mesos
Container Solutions
 
Load Balancing for Containers and Cloud Native Architecture
Chiradeep Vittal
 
Load Balancing for Containers and Cloud Native Architecture
Chiradeep Vittal
 
Microservices: State of the Union
C4Media
 
Messaging For the Cloud and Microservices
Rob Davies
 
A curtain-raiser to the container world Docker & Kubernetes
zekeLabs Technologies
 
Serverless and cloud computing
zekeLabs Technologies
 

What's hot (20)

PPTX
Container Patterns
Matthias Luebken
 
PPTX
Docker - A curtain raiser to the Container world
zekeLabs Technologies
 
PDF
Remote debugging of Application in Kubernetes
ConSol Consulting & Solutions Software GmbH
 
PDF
Operator development made easy with helm
ConSol Consulting & Solutions Software GmbH
 
PPTX
Infrastructure as Code and AWS CDK
SupratipBanerjee
 
PDF
Monitoring Cockpit for OpenShift Clusters
ConSol Consulting & Solutions Software GmbH
 
PDF
Kafka at the Edge: an IoT scenario with OpenShift Streams for Apache Kafka | ...
Red Hat Developers
 
PDF
Build Robust Blockchain Services with Hyperledger and Containers
LinuxCon ContainerCon CloudOpen China
 
PDF
"Messaging with Quarkus"
ConSol Consulting & Solutions Software GmbH
 
PDF
Containers vs serverless - Navigating application deployment options
Daniel Krook
 
PDF
Using csi snapshot.pptx
LibbySchulze
 
PDF
K8s vs Cloud Foundry
Ivan Borshukov
 
PDF
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Mitchell Pronschinske
 
PDF
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
All Things Open
 
PDF
Designing Cloud Native Applications with Kubernetes
Bilgin Ibryam
 
PDF
The Kubernetes Effect
Bilgin Ibryam
 
PDF
KURMA - A Containerized Container Platform - KubeCon 2016
Apcera
 
PPTX
Cloudsolutionday 2016: Docker & FAAS at getvero.com
AWS Vietnam Community
 
PPTX
Microcontainers and Tools for Hardcore Container Debugging
Oracle Developers
 
PPTX
Getting Started with Kafka on k8s
VMware Tanzu
 
Container Patterns
Matthias Luebken
 
Docker - A curtain raiser to the Container world
zekeLabs Technologies
 
Remote debugging of Application in Kubernetes
ConSol Consulting & Solutions Software GmbH
 
Operator development made easy with helm
ConSol Consulting & Solutions Software GmbH
 
Infrastructure as Code and AWS CDK
SupratipBanerjee
 
Monitoring Cockpit for OpenShift Clusters
ConSol Consulting & Solutions Software GmbH
 
Kafka at the Edge: an IoT scenario with OpenShift Streams for Apache Kafka | ...
Red Hat Developers
 
Build Robust Blockchain Services with Hyperledger and Containers
LinuxCon ContainerCon CloudOpen China
 
"Messaging with Quarkus"
ConSol Consulting & Solutions Software GmbH
 
Containers vs serverless - Navigating application deployment options
Daniel Krook
 
Using csi snapshot.pptx
LibbySchulze
 
K8s vs Cloud Foundry
Ivan Borshukov
 
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Mitchell Pronschinske
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
All Things Open
 
Designing Cloud Native Applications with Kubernetes
Bilgin Ibryam
 
The Kubernetes Effect
Bilgin Ibryam
 
KURMA - A Containerized Container Platform - KubeCon 2016
Apcera
 
Cloudsolutionday 2016: Docker & FAAS at getvero.com
AWS Vietnam Community
 
Microcontainers and Tools for Hardcore Container Debugging
Oracle Developers
 
Getting Started with Kafka on k8s
VMware Tanzu
 
Ad

Similar to Securing Your Deployment Pipeline With Docker (20)

PPTX
SATURN 2018 "Continuous Delivery with Containers" Extended 90 version
Daniel Bryant
 
PPTX
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon
 
PPTX
Security Testing for Containerized Applications
Soluto
 
PDF
Getting to Walk with DevOps
Eklove Mohan
 
PPTX
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
PPTX
Bringing CD to the DoD
Gene Gotimer
 
PDF
DevSecOps: essential tooling to enable continuous security 2019-09-16
Rich Mills
 
PDF
Continuous Delivery (Internet-Briefing 2012-04-03)
Netcetera
 
PPTX
Cloud Application Security: Lessons Learned
Jason Chan
 
PDF
Continuous Security Testing
Ray Lai
 
PPTX
The eBay-Way Meetup IL - CI/CD with Microservices
yinonavraham
 
PDF
Integrating DevOps and Security
Stijn Muylle
 
PPTX
OReilly SACON 2016 "A Practical Guide for Continuous Delivery with Containers"
Daniel Bryant
 
PPTX
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
Daniel Bryant
 
PPTX
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
JAXLondon_Conference
 
PPTX
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Shannon Williams
 
PPTX
Cloud Application Security: Lessons Learned
Jason Chan
 
PPTX
Container Days NYC Keynote
Boyd Hemphill
 
PPTX
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
Daniel Bryant
 
PPTX
DevSecOps: Key Controls to Modern Security Success
Puma Security, LLC
 
SATURN 2018 "Continuous Delivery with Containers" Extended 90 version
Daniel Bryant
 
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi
DevSecCon
 
Security Testing for Containerized Applications
Soluto
 
Getting to Walk with DevOps
Eklove Mohan
 
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
Bringing CD to the DoD
Gene Gotimer
 
DevSecOps: essential tooling to enable continuous security 2019-09-16
Rich Mills
 
Continuous Delivery (Internet-Briefing 2012-04-03)
Netcetera
 
Cloud Application Security: Lessons Learned
Jason Chan
 
Continuous Security Testing
Ray Lai
 
The eBay-Way Meetup IL - CI/CD with Microservices
yinonavraham
 
Integrating DevOps and Security
Stijn Muylle
 
OReilly SACON 2016 "A Practical Guide for Continuous Delivery with Containers"
Daniel Bryant
 
JAXLondon 2015 "DevOps and the Cloud: All Hail the (Developer) King"
Daniel Bryant
 
DevOps and the cloud: all hail the (developer) king - Daniel Bryant, Steve Poole
JAXLondon_Conference
 
Securing Container Deployments from Build to Ship to Run - August 2017 - Ranc...
Shannon Williams
 
Cloud Application Security: Lessons Learned
Jason Chan
 
Container Days NYC Keynote
Boyd Hemphill
 
DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...
Daniel Bryant
 
DevSecOps: Key Controls to Modern Security Success
Puma Security, LLC
 
Ad

Recently uploaded (20)

PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
KodekX | Application Modernization Development
KodekX
 
Cloud computing and distributed systems.
kkkkkhan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Encapsulation theory and applications.pdf
gurumoop
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
KodekX | Application Modernization Development
KodekX
 

Securing Your Deployment Pipeline With Docker