
Cloud Native Computing Foundation sponsored this post, in anticipation of KubeCon+CloudNativeCon Europe 2021 – Virtual, May 4-7.

Cloud native applications are more than just the code developers create: Today’s applications include Infrastructure-as-Code (IaC) that dictates how applications are set up on cloud infrastructure and how containerized applications will run on Kubernetes.

But our research shows that which teams are responsible for the security of IaC is another question, and it’s still up in the air.

In fact, the automated testing and release gates that are in place for other forms of code can be used with IaC and help make security best practices part of the development and release process.

For those who said their IaC and configuration code goes through CI testing, the biggest barrier to integrating security checks is a lack of standardized best practices on what to check — with each of their separate teams making their own decision about what to test.
