What are some best practices when securing DevOps environments?

Red USB Stick
Educational Services
Make static and dynamic application security testing as well as interactive application security testing, software composition analysis and container security scanning (and patching) an integral part of your DevOps 'build' pipeline processes. 
2 upvotes
Blue Hard Drive
Government
I totally agree with Harry. He said it best.
1 upvotes
Green Terminal
Software
Would like to add the following with respect to containers.
Release - Ensure image signing and integrity of container images.
Deploy - Harden the environment with industry benchmark standards such as CIS. Enable sufficient logging.
Operations - Periodic scanning of image repository for vulnerabilities. Restrict root privileges to node for containers. Restrict network communication between containers.
Monitor - Monitor privilege escalation and escape attempts, and container process for malicious behaviour.
0 upvotes
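A static check for the root-privilege and image-integrity items in the comment above, as an added example that is not part of the thread. It assumes a Kubernetes-style pod spec (the thread names no orchestrator); `audit_pod` and the sample pod are constructed for illustration, and digest pinning is used here as an integrity check, which is not the same as verifying an image signature.

```python
# Added example: audit a Kubernetes-style pod spec (assumed platform) for
# root/privilege settings and unpinned images before it is deployed.
SAMPLE_POD = {  # constructed sample, not taken from the thread
    "metadata": {"name": "web"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "app", "image": "registry.example/app:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar",
             "image": "registry.example/proxy@sha256:" + "a" * 64,
             "securityContext": {"runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False}},
        ],
    },
}

def audit_pod(pod):
    """Return a sorted list of (container, finding) tuples."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(("<pod>", f"{flag} shares a node namespace"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        if sc.get("privileged"):
            findings.append((name, "privileged container"))
        # Container-level settings override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0 or (uid is None and not non_root):
            findings.append((name, "may run as root"))
        # Kubernetes treats an unset allowPrivilegeEscalation as true.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((name, "privilege escalation allowed"))
        if "@sha256:" not in c.get("image", ""):
            findings.append((name, "image not pinned by digest"))
    return sorted(findings)

if __name__ == "__main__":
    for container, finding in audit_pod(SAMPLE_POD):
        print(f"{container}: {finding}")
```

Run as a pipeline gate, a non-empty result would fail the build before the manifest reaches the cluster.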