Secure the pipeline: How we’ve built a secure Kubernetes CI/CD pipeline
Everybody wants to run their code on Kubernetes these days, but it requires a radical change to your deployment process. You want to make sure you don’t create new vulnerabilities when you take this leap. What kind of security tests can you run in this pipeline to assert that this code does not contain any known vulnerabilities?
At Soluto, we started to migrate services to Kubernetes in the recent months, and we would like to share with you what we did. In this session I’m planning to cover our CI/CD pipeline, and give extra attention to the following points:
- Scanning code dependencies
- Scanning containers
- Testing for insecure Kubernetes configurations
- Securely deploy to Kubernetes cluster
Join this session to hear our story and learn about many useful tools you can start using today to deploy secure apps to your Kubernetes cluster. All the tools I’ll present are open source tools, so using them should be as simple as possible.