Category: Software, Security, Kubernetes, Jenkins, container, github

Cloud Native Computing Foundation and Palo Alto Networks sponsored this post, in anticipation of KubeCon+CloudNativeCon North America 2021 on Oct. 11-15.

First, the full stack of the container, from the base image up, must be verified as secure, with acceptable levels of risk for vulnerabilities and configurations. Second, during each phase of the software development life cycle — from development, through the CI/CD pipeline into deployment — there should be consistent feedback and guardrails for violations of those acceptable levels of risk.

If you find that perfect image, running it through a scanner can verify the posture of the image and identify known and unknown malware before you run it in your cluster.

That way, instead of building dependencies on an old release with vulnerabilities, you upgrade first and build on that.
