SlideShare a Scribd company logo

Shift Left - How to improve your security with checkov before it’s going to production

Download as PPTX, PDF
A
Anton Grübel

This document discusses shifting security left by using infrastructure as code (IaC) security tools like Checkov to find and prevent defects early. It lists several IaC security tools including Checkov, which supports over 1000 policies across multiple cloud platforms and languages. Checkov allows custom checks to be written in Python or YAML and integrates with GitHub Actions and pre-commit hooks to shift security testing left in the development process.

Software
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Anton Grübel, AWS DevOps Engineer SHIFT LEFT How to improve your security with checkov before it’s going to production
Me, Myself & I ● AWS Enthusiast ● Python Fan ● Open Source Contributor ● Playstation Gamer ● GitHub: gruebel ● PSN: anton-mai
About us 2017 Founded 100% AWS-focussed 20 Talents 33 AWS Certifications 1 AWS Competency 1 APN Ambassador 1 AWS Community Builder
What is Shift Left? Shift Left is a practice intended to find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the lifecycle as possible. Kirstie Magowan (bmc)
Shift Left model
Shift Left security
IaC security tools ● cfn-nag ● terrascan ● KICS ● tfsec ● terraform-compliance ● AWS CloudFormation Guard ● checkov
Shift Left - How to improve your security with checkov before it’s going to production
checkov features ● Over 1000 built-in policies ● Supports Terraform (+ plan), CFN, ARM, Docker, Kubernetes, Helm, SLS ● Supports AWS, GCP, Azure ● Custom checks written in Python or YAML ● GitHub Action available ● pre-commit hook available ● Output as CLI, JSON or JUnit XML
Further reading ● https://www.checkov.io/3.Custom%20Policies/Custom%20Policies%20Overvi ew.html ● https://aws.amazon.com/blogs/mt/introducing-aws-cloudformation-guard-2-0/ ● https://aws.amazon.com/blogs/infrastructure-and-automation/use-git-pre- commit-hooks-avoid-aws-cloudformation-errors/ ● https://github.com/antonbabenko/pre-commit-terraform
Keep shifting left! globaldatanet globaldatanet.com hello@globaldatanet.com

More Related Content

PDF
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
PDF
Serverless security - how to protect what you don't see?
Sqreen
 
PDF
Terrascan - Cloud Native Security Tool
sangam biradar
 
PDF
Pragmatic Cloud Security Automation
CloudVillage
 
PDF
Battle in the Clouds - Attacker vs Defender on AWS
CloudVillage
 
PDF
AWS DevOps Event - Innovating with DevOps on AWS
Ian Massingham
 
PPTX
The Future of Enterprise Applications is Serverless
Eficode
 
PDF
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 
Securing your AWS Deployments with Spinnaker and Armory Enterprise
DevOps.com
 
Serverless security - how to protect what you don't see?
Sqreen
 
Terrascan - Cloud Native Security Tool
sangam biradar
 
Pragmatic Cloud Security Automation
CloudVillage
 
Battle in the Clouds - Attacker vs Defender on AWS
CloudVillage
 
AWS DevOps Event - Innovating with DevOps on AWS
Ian Massingham
 
The Future of Enterprise Applications is Serverless
Eficode
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Jose Hernandez
 

What's hot (16)

PPTX
Serverless beyond AWS Lambda
Ben Kehoe
 
PPTX
Of CORS thats a thing how CORS in the cloud still kills security
John Varghese
 
PPTX
Native cloud security monitoring
John Varghese
 
PPTX
Serverless Summit 21 - Resilient serverless architecture on AWS
Lee Gilmore
 
PDF
20170831 - Greg Palmier: Terraform & AWS at Tempus
DevOps Chicago
 
PDF
Spring Cloud Netflix OSS
Steve Hall
 
PDF
AWS Security
armincoralic
 
PPTX
stackArmor Security MicroSummit - AWS Security with Splunk
Gaurav "GP" Pal
 
PDF
SRE & Kubernetes
Afkham Azeez
 
PPTX
How to build the Cloud Native applications the way you want – not the way the...
Eficode
 
PDF
Monitoring Your AWS EKS Environment with Datadog
DevOps.com
 
PDF
Enforce compliance policy with model-driven automation
Puppet
 
PDF
淺談WAF在AWS的架構
4ndersonLin
 
PPTX
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
DevOps.com
 
ODP
Hybris install telco accelerators on aws-ec2
Venugopal Gummadala
 
PDF
Observability Enhancements in Steeltoe
VMware Tanzu
 
Serverless beyond AWS Lambda
Ben Kehoe
 
Of CORS thats a thing how CORS in the cloud still kills security
John Varghese
 
Native cloud security monitoring
John Varghese
 
Serverless Summit 21 - Resilient serverless architecture on AWS
Lee Gilmore
 
20170831 - Greg Palmier: Terraform & AWS at Tempus
DevOps Chicago
 
Spring Cloud Netflix OSS
Steve Hall
 
AWS Security
armincoralic
 
stackArmor Security MicroSummit - AWS Security with Splunk
Gaurav "GP" Pal
 
SRE & Kubernetes
Afkham Azeez
 
How to build the Cloud Native applications the way you want – not the way the...
Eficode
 
Monitoring Your AWS EKS Environment with Datadog
DevOps.com
 
Enforce compliance policy with model-driven automation
Puppet
 
淺談WAF在AWS的架構
4ndersonLin
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
DevOps.com
 
Hybris install telco accelerators on aws-ec2
Venugopal Gummadala
 
Observability Enhancements in Steeltoe
VMware Tanzu
 
Ad

Similar to Shift Left - How to improve your security with checkov before it’s going to production (8)

PDF
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
 
DOCX
Shift Left Save Resources DevSecOps and the CICD Pipeline
CloudZenix LLC
 
PDF
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
 
PDF
Cncf checkov and bridgecrew
LibbySchulze
 
PPTX
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
 
PDF
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
NathanDjami
 
PDF
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
 
PDF
AWS Infrastructure Pipeline with Terraform and Pre-commit Check
AWS User Group - Thailand
 
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
 
Shift Left Save Resources DevSecOps and the CICD Pipeline
CloudZenix LLC
 
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
 
Cncf checkov and bridgecrew
LibbySchulze
 
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
NathanDjami
 
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
 
AWS Infrastructure Pipeline with Terraform and Pre-commit Check
AWS User Group - Thailand
 
Ad

Recently uploaded (20)

PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
System and Network Administration Chapter 2
jaramharo
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 

Shift Left - How to improve your security with checkov before it’s going to production

  • 1. Anton Grübel, AWS DevOps Engineer SHIFT LEFT How to improve your security with checkov before it’s going to production
  • 2. Me, Myself & I ● AWS Enthusiast ● Python Fan ● Open Source Contributor ● Playstation Gamer ● GitHub: gruebel ● PSN: anton-mai
  • 3. About us 2017 Founded 100% AWS-focussed 20 Talents 33 AWS Certifications 1 AWS Competency 1 APN Ambassador 1 AWS Community Builder
  • 4. What is Shift Left? Shift Left is a practice intended to find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the lifecycle as possible. Kirstie Magowan (bmc)
  • 7. IaC security tools ● cfn-nag ● terrascan ● KICS ● tfsec ● terraform-compliance ● AWS CloudFormation Guard ● checkov
  • 9. checkov features ● Over 1000 built-in policies ● Supports Terraform (+ plan), CFN, ARM, Docker, Kubernetes, Helm, SLS ● Supports AWS, GCP, Azure ● Custom checks written in Python or YAML ● GitHub Action available ● pre-commit hook available ● Output as CLI, JSON or JUnit XML
  • 10. Further reading ● https://www.checkov.io/3.Custom%20Policies/Custom%20Policies%20Overvi ew.html ● https://aws.amazon.com/blogs/mt/introducing-aws-cloudformation-guard-2-0/ ● https://aws.amazon.com/blogs/infrastructure-and-automation/use-git-pre- commit-hooks-avoid-aws-cloudformation-errors/ ● https://github.com/antonbabenko/pre-commit-terraform
  • 11. Keep shifting left! globaldatanet globaldatanet.com hello@globaldatanet.com

Editor's Notes

  • #4: Partnerships
  • #12: https://awesomeopensource.com/project/toniblyx/my-arsenal-of-aws-security-tools