DevSecOps in the Age of Containers
As IT shops look to move their workloads into containers and the cloud, their initial concerns often center around the security implications. Containers do force us to change how we think about securing our application, but they also offer exciting new opportunities. Curtis Yanko will explore the security concerns that come along with containers and take a deep dive into container composability and how modern tooling makes it possible to automate security and compliance concerns across the entre application stack. Curtis will share a project via GitHub that has a reference Jenkins pipeline demonstrating how to automate security and compliance at build time. You will take home ideas for minimizing attack surface, avoiding known bad libraries and frameworks, validating your configuration, and using machine learning to model application behavior.