What are some best practices when securing DevOps environments?


3 comments

https://www.pulse.qa

Pulse User

Make static and dynamic application security testing as well as interactive application security testing, software composition analysis and container security scanning (and patching) an integral part of your DevOps 'build' pipeline processes. 

Pulse User

I totally agree with Harry. He said it best.

Pulse User

Would like to add the following with respect to containers.

Release - Ensure image signing and integrity of container images.

Deploy - Harden the environment with industry benchmark standards such as CIS. Enable sufficient logging.

Operations - Periodic scanning of image repository for vulnerabilities. Restrict root privileges to node for containers. Restrict network communication between containers.

Monitor - Monitor privilege escalation and escape attempts, and container process for malicious behaviour.