What are some best practices when securing DevOps environments?

1 upvotes
Anonymous Author
Make static and dynamic application security testing as well as interactive application security testing, software composition analysis and container security scanning (and patching) an integral part of your DevOps 'build' pipeline processes. 
2 upvotes
Anonymous Author
I totally agree with Harry. He said it best.
1 upvotes
Anonymous Author
Would like to add the following with respect to containers.
Release - Ensure image signing and integrity of container images.
Deploy - Harden the environment with industry benchmark standards such as CIS. Enable sufficient logging.
Operations - Periodic scanning of image repository for vulnerabilities. Restrict root privileges to node for containers. Restrict network communication between containers.
Monitor - Monitor privilege escalation and escape attempts, and container process for malicious behaviour.
0 upvotes