SlideShare a Scribd company logo

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A WhiteSource Webinar

Download as PPTX, PDF
WhiteSource, profile picture
WhiteSource

This document discusses open source security challenges and recommendations for addressing them. It notes that over 96% of developers rely on open source components but open source vulnerabilities are rising. While companies prioritize fixes, over half do not do so efficiently based on real business impact. The document recommends integrating scanning for vulnerabilities into the entire software development lifecycle from code to deployment. Automating scanning, prioritization of issues, and remediation helps ensure open source security.

Internet
Related topics:
Insights on Software Development β€’ Information Security
1 of 20
Downloaded 25 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A WhiteSource Webinar
Hello! Shiri Arad Ivtsan Product Manager @WhiteSource Shiri.ivtsan@WhiteSourceSoftware.com
Continuous Delivery
Continuous Delivery
Open Source 96.8%of the developers rely on open source components
Security in Open Source
Some Basic Statistics * Based on a survey conducted in more than 650 companies
OSS Security Vulnerabilities Are On The Rise 51% The observed YoY rise of reported vulnerabilities in 2017
Open Source Challenges Onechallenging area in particular is pronounced
Companies Do Not Prioritize Their Fixes Efficiently Criticality of the project that might be impacted by the vulnerability Availability of the suggested fix Perceived impact of the vulnerability on projects Number of software libraries containing the vulnerability Vulnerability severity Creation date of the vulnerability alert prioritize based on the real business impact ~56% Just
Recent News Integrity Availability Security-Protection
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A WhiteSource Webinar
Security Throughout The SDLC Pipeline
Scan
CI/CD Pipeline Code Build Package Deploy
Code Code Build Package Deploy β€’ Choose the right component from the earliest stages β€’ Automatically open pull requests for patches β€’ Restrict merges if vulnerabilities exist
Build Code Build Package Deploy β€’ Scan on any build β€’ Fail builds based on policies (i.e high severity vulnerabilities)
Package Code Build Package Deploy β€’ Scan Docker images – in private and public image registries
Deploy Code Build Package Deploy β€’ Scan upon deployment to your production platform β€’ Monitor running applications in production for newly published vulnerabilities
Key Takeaways Know your code Monitor it frequently Make it simple & faster: Automate β€’ Automate the scanning β€’ Automate the prioritization β€’ Automate your remediation

More Related Content

PPTX
Automating Open Source Security: A SANS Review of WhiteSource
WhiteSource
Β 
PDF
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
Β 
PDF
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
WhiteSource
Β 
PPTX
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource
Β 
PPTX
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
Β 
PPTX
The State of Open Source Vulnerabilities - A WhiteSource Webinar
WhiteSource
Β 
PDF
Open Source Security at Scale- The DevOps ChallengeΒ 
WhiteSource
Β 
PPTX
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource
Β 
Automating Open Source Security: A SANS Review of WhiteSource
WhiteSource
Β 
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
WhiteSource
Β 
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
WhiteSource
Β 
WhiteSource Webinar What's New With WhiteSource in December 2018
WhiteSource
Β 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
Β 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
WhiteSource
Β 
Open Source Security at Scale- The DevOps ChallengeΒ 
WhiteSource
Β 
WhiteSource Webinar-New Research Reveals Key Strategy to Manage Open Source S...
WhiteSource
Β 

What's hot (20)

PPTX
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
WhiteSource
Β 
PPTX
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
Β 
PPTX
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
Β 
PDF
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
Β 
PPTX
Empowering Application Security Protection in the World of DevOps
IBM Security
Β 
PPTX
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
Β 
PPTX
September 13, 2016: Security in the Age of Open Source:
Black Duck by Synopsys
Β 
PDF
PIACERE - DevSecOps Automated
PIACERE
Β 
PPTX
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Great Wide Open
Β 
PDF
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
Β 
PDF
How to automate your DevSecOps successfully
Manuel Pistner
Β 
PPTX
Open Source Security
Sander Temme
Β 
PDF
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
WhiteSource
Β 
PPTX
DevSecOps outline
Nickleus Jimenez
Β 
PDF
Dev week cloud world conf2021
Archana Joshi
Β 
PPTX
Security in the Age of Open Source
Black Duck by Synopsys
Β 
PDF
Devops security-An Insight into Secure-SDLC
Suman Sourav
Β 
PPTX
Secure application deployment in Apache CloudStack
Tim Mackey
Β 
PPTX
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days
Β 
PDF
Open Source in Application Security
Black Duck by Synopsys
Β 
The Top 3 Strategies To Reduce Your Open Source Security Risks - A WhiteSour...
WhiteSource
Β 
Find Out What's New With WhiteSource May 2018- A WhiteSource Webinar
WhiteSource
Β 
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
Β 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
Β 
Empowering Application Security Protection in the World of DevOps
IBM Security
Β 
7 Reasons Your Applications are Attractive to Adversaries
Derek E. Weeks
Β 
September 13, 2016: Security in the Age of Open Source:
Black Duck by Synopsys
Β 
PIACERE - DevSecOps Automated
PIACERE
Β 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Great Wide Open
Β 
Myths and Misperceptions of Open Source Security
Black Duck by Synopsys
Β 
How to automate your DevSecOps successfully
Manuel Pistner
Β 
Open Source Security
Sander Temme
Β 
Find Out What's New With WhiteSource September 2018- A WhiteSource Webinar
WhiteSource
Β 
DevSecOps outline
Nickleus Jimenez
Β 
Dev week cloud world conf2021
Archana Joshi
Β 
Security in the Age of Open Source
Black Duck by Synopsys
Β 
Devops security-An Insight into Secure-SDLC
Suman Sourav
Β 
Secure application deployment in Apache CloudStack
Tim Mackey
Β 
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days
Β 
Open Source in Application Security
Black Duck by Synopsys
Β 
Ad

Similar to The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A WhiteSource Webinar (20)

PDF
The DevOps Challenge: Open Source Security at Scale
DevOps.com
Β 
PDF
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
Β 
PPTX
Welcome & The State of Open Source Security
Jerika Phelps
Β 
PDF
All Things Open 2022 - State of OSS Security & Support
Javier Perez
Β 
PDF
The State of Open Source Vulnerabilities Management
WhiteSource
Β 
PDF
The State of Open Source Vulnerabilities Management
SBWebinars
Β 
PDF
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...
Synopsys Software Integrity Group
Β 
PPTX
All You need to Know about Secure Coding with Open Source Software
Javier Perez
Β 
PPTX
A question of trust - understanding Open Source risks
Tim Mackey
Β 
PPTX
Secure application deployment in the age of continuous delivery
Black Duck by Synopsys
Β 
PDF
(In)security in Open Source
Shane Coughlan
Β 
PDF
Webinar–2019 Open Source Risk Analysis Report
Synopsys Software Integrity Group
Β 
PPTX
Security in the age of open source - Myths and misperceptions
Tim Mackey
Β 
PPTX
Secure application deployment in the age of continuous delivery
Black Duck by Synopsys
Β 
PPTX
Secure application deployment in the age of continuous delivery
Tim Mackey
Β 
PDF
Donu’t Let Vulnerabilities Create a Hole in Your Organization
DevOps.com
Β 
PPTX
Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk Management
Black Duck by Synopsys
Β 
PDF
2016 Future of Open Source Survey Results
Black Duck by Synopsys
Β 
PPTX
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...
Black Duck by Synopsys
Β 
PPTX
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys
Β 
The DevOps Challenge: Open Source Security at Scale
DevOps.com
Β 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
Β 
Welcome & The State of Open Source Security
Jerika Phelps
Β 
All Things Open 2022 - State of OSS Security & Support
Javier Perez
Β 
The State of Open Source Vulnerabilities Management
WhiteSource
Β 
The State of Open Source Vulnerabilities Management
SBWebinars
Β 
Synopsys Security Event Israel Presentation: New AppSec Paradigms with Open S...
Synopsys Software Integrity Group
Β 
All You need to Know about Secure Coding with Open Source Software
Javier Perez
Β 
A question of trust - understanding Open Source risks
Tim Mackey
Β 
Secure application deployment in the age of continuous delivery
Black Duck by Synopsys
Β 
(In)security in Open Source
Shane Coughlan
Β 
Webinar–2019 Open Source Risk Analysis Report
Synopsys Software Integrity Group
Β 
Security in the age of open source - Myths and misperceptions
Tim Mackey
Β 
Secure application deployment in the age of continuous delivery
Black Duck by Synopsys
Β 
Secure application deployment in the age of continuous delivery
Tim Mackey
Β 
Donu’t Let Vulnerabilities Create a Hole in Your Organization
DevOps.com
Β 
Open Source Insight: NotPetya Strikes, Patching Is Vital for Risk Management
Black Duck by Synopsys
Β 
2016 Future of Open Source Survey Results
Black Duck by Synopsys
Β 
Open Source Insight: CVE-2017-2636 Vuln of the Week & UK National Cyber Secur...
Black Duck by Synopsys
Β 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys
Β 
Ad

More from WhiteSource (17)

PPTX
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
WhiteSource
Β 
PDF
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk
WhiteSource
Β 
PDF
Empowering Financial Institutions to Use Open Source With Confidence
WhiteSource
Β 
PDF
Tackling the Container Iceberg:How to approach security when most of your sof...
WhiteSource
Β 
PDF
Taking Open Source Security to the Next Level
WhiteSource
Β 
PDF
Securing Container-Based Applications at the Speed of DevOps
WhiteSource
Β 
PDF
The Challenges of Scaling DevSecOps
WhiteSource
Β 
PDF
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
Β 
PDF
Open Source Security: How to Lay the Groundwork for a Secure Culture
WhiteSource
Β 
PDF
Deep Dive into Container Security
WhiteSource
Β 
PDF
Fire alarms vs. Fire hoses: Keeping up with Dependencies
WhiteSource
Β 
PDF
DevSecOps: Closing the Loop from Detection to Remediation
WhiteSource
Β 
PDF
Barriers to Container Security and How to Overcome Them
WhiteSource
Β 
PDF
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...
WhiteSource
Β 
PDF
Top Open Source Licenses Explained
WhiteSource
Β 
PPTX
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
WhiteSource
Β 
PPTX
How temenos manages open source use, the easy way combined
WhiteSource
Β 
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
WhiteSource
Β 
Innocent Vulnerabilities vs. Malicious Backdoors: How to Manage Your Risk
WhiteSource
Β 
Empowering Financial Institutions to Use Open Source With Confidence
WhiteSource
Β 
Tackling the Container Iceberg:How to approach security when most of your sof...
WhiteSource
Β 
Taking Open Source Security to the Next Level
WhiteSource
Β 
Securing Container-Based Applications at the Speed of DevOps
WhiteSource
Β 
The Challenges of Scaling DevSecOps
WhiteSource
Β 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
Β 
Open Source Security: How to Lay the Groundwork for a Secure Culture
WhiteSource
Β 
Deep Dive into Container Security
WhiteSource
Β 
Fire alarms vs. Fire hoses: Keeping up with Dependencies
WhiteSource
Β 
DevSecOps: Closing the Loop from Detection to Remediation
WhiteSource
Β 
Barriers to Container Security and How to Overcome Them
WhiteSource
Β 
SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...
WhiteSource
Β 
Top Open Source Licenses Explained
WhiteSource
Β 
Strategies for Improving Enterprise Application Security - a WhiteSource Webinar
WhiteSource
Β 
How temenos manages open source use, the easy way combined
WhiteSource
Β 

Recently uploaded (20)

PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
Β 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
Β 
PDF
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
Β 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
Β 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
Β 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
Β 
PPTX
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
Β 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
Β 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
Β 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
Β 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
Β 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
Β 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
Β 
PPTX
E -tech empowerment technologies PowerPoint
kylebalatero12
Β 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
Β 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
Β 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
Β 
PPT
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
Β 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
Β 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
Β 
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
Β 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
Β 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
Β 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
Β 
Introduction about ICD -10 and ICD11 on 5.8.25.pptx
naveenithkrishnan
Β 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
Β 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
Β 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
Β 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
Β 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
Β 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
Β 
E -tech empowerment technologies PowerPoint
kylebalatero12
Β 
SAP Ariba Sourcing PPT for learning material
NKKumar16
Β 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
Β 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
Β 
FIRE PREVENTION AND CONTROL PLAN- LUS.FM.MQ.OM.UTM.PLN.00014.ppt
MelwinPaul6
Β 

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A WhiteSource Webinar

Editor's Notes

  • #12: Recent news – general vulnerability or open source?
  • #13: What’s this about? Apache struts in a docker environment (in