
Traditional security processes can often become a roadblock when delivering software via DevOps processes at the rate that today's business world demands. Today, security is not just the responsibility of the security teams; it is a shared responsibility among all the teams in the application lifecycle. DevSecOps is not about slowing progress or sacrificing the agility gained through DevOps. Rather, DevSecOps promotes a collaborative approach to security so that it becomes a central part of the application lifecycle.

At the same time, the modernization of infrastructure and applications is driving the rapid growth of containers and container orchestration platforms as a part of DevOps. The most popular orchestration platform for running containers is Kubernetes. Results from the RightScale 2019 State of the Cloud Report show that "Container use is up, and Kubernetes use is skyrocketing. The use of Docker containers continues to grow, with adoption increasing to 57 percent from 49 percent in 2018. Kubernetes achieving even faster growth, increasing from 27 percent to 48 percent adoption."

As companies start to adopt Kubernetes, it is critical to incorporate DevSecOps best practices, especially because container applications have multiple layers of abstraction. With container technology you have an orchestration platform, a host OS, a container runtime, container images, a container registry, and the running containers, all of which need to be secured in order to avoid risks like deficient authorization and authentication, bugs, and misconfiguration. Let's look at the risk areas of containers and Kubernetes along with the DevSecOps best practices that help mitigate them.

Securing container images and the container registries

First, let's address the two most common security risks for containerization: the container images themselves and the container registries. Risks for container images include clear-text secrets, embedded malware, insecure software or libraries, bugs, outdated or stale images, and the use of untrusted images. There are several ways you can secure images. Use an enterprise container security solution like Twistlock, Sysdig Secure, or Aqua, which can scan your images for vulnerabilities; the scanning can be done in the CI/CD pipeline or on existing images in a registry. Only deploy images that have been verified by your scanning process. Instead of baking clear-text secrets into container images, store them in Kubernetes Secrets or in Azure Key Vault and inject them at run time. Container images are typically stored in container registries, so use a private, trusted registry such as Azure Container Registry (ACR) rather than pulling from arbitrary public sources.
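A concrete way to enforce some of these image-security practices before an image is ever built is a policy gate in the CI pipeline. The following is an added example, not code from the original post or from any of the products it names: a small Dockerfile checker that flags clear-text secrets in ENV/ARG instructions, base images pulled from anywhere other than a trusted private registry, and base images that are not pinned by digest (a mutable tag such as `:latest` is how stale or swapped images creep in). The registry name `contoso.azurecr.io` and both sample Dockerfiles are constructed for the example.

```python
"""Added example (not from the original post): a CI policy gate for Dockerfiles.

Checks enforced, mirroring the practices discussed above:
  1. no clear-text credentials baked into the image via ENV/ARG,
  2. base images come only from a trusted private registry,
  3. base images are pinned by digest, not a mutable tag.
The trusted registry and the sample Dockerfiles are assumptions for the example.
"""
import re
import shlex

# Assumption for the example: the organisation's private, trusted registry.
TRUSTED_REGISTRIES = ("contoso.azurecr.io",)

# Variable names that usually carry credentials when set via ENV/ARG.
SECRET_KEY_RE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)
# FROM [--platform=...] <image>[:tag][@sha256:<hex>] [AS <name>]
FROM_RE = re.compile(r"^FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+\S+)?\s*$", re.I)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def _registry_of(image: str) -> str:
    """Registry host of an image reference; bare names resolve to Docker Hub."""
    ref = image.split("@", 1)[0]
    first = ref.split("/", 1)[0]
    if "/" in ref and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def _join_continuations(text: str) -> list[str]:
    """Merge backslash-continued lines so a multi-line ENV is one instruction."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def _kv_pairs(rest: str) -> list[tuple[str, str]]:
    """Parse 'KEY=val KEY2="v 2"' or the legacy 'KEY value' form of ENV/ARG."""
    rest = rest.strip()
    if not rest:
        return []
    if "=" not in rest.split(None, 1)[0]:
        parts = rest.split(None, 1)  # legacy form: ENV KEY value (ARG KEY has no value)
        return [(parts[0], parts[1] if len(parts) > 1 else "")]
    return [tuple(tok.partition("=")[::2]) for tok in shlex.split(rest)]


def check_dockerfile(text: str) -> list[str]:
    """Return a list of policy findings; an empty list means the Dockerfile passes."""
    findings = []
    for line in _join_continuations(text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = FROM_RE.match(stripped)
        if m:
            image = m.group(1)
            if image.lower() == "scratch":
                continue
            registry = _registry_of(image)
            if registry not in TRUSTED_REGISTRIES:
                findings.append(f"untrusted registry '{registry}' in: {stripped}")
            if not DIGEST_RE.search(image):
                findings.append(f"base image not pinned by digest: {stripped}")
            continue
        instr = stripped.split(None, 1)[0].upper()
        if instr in ("ENV", "ARG"):
            for key, value in _kv_pairs(stripped[len(instr):]):
                if SECRET_KEY_RE.search(key) and value:
                    findings.append(f"clear-text secret in {instr} {key}")
    return findings


# Constructed sample inputs: the weak Dockerfile beside the hardened one.
BAD_DOCKERFILE = """\
FROM ubuntu:latest
ENV DB_PASSWORD=hunter2 \\
    APP_ENV=prod
RUN apt-get update
"""
_DIGEST = "0123456789abcdef" * 4  # placeholder 64-hex digest for the example
GOOD_DOCKERFILE = f"""\
FROM contoso.azurecr.io/base/ubuntu:22.04@sha256:{_DIGEST}
ARG DB_PASSWORD
ENV APP_ENV=prod
RUN apt-get update
"""

if __name__ == "__main__":
    for name, df in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        print(name, check_dockerfile(df) or "OK")
```

In the hardened Dockerfile the credential arrives as a build argument with no default and is never written into an image layer; at run time the container should read it from a Kubernetes Secret or Key Vault rather than from the image. Wiring `check_dockerfile` into the pipeline so that a non-empty result fails the build is what turns these practices into an enforced gate instead of a guideline.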
