DevSecOps: Five Open Source Projects
30.08.2021
Gordon Huff
DevSecOps teams make security an integral part of the entire application lifecycle. Gordon Huff, technology evangelist at Red Hat, shares on the Enterprisers Project five open source projects they can build on.
One of the most active areas of the cloud native landscape is projects related to various aspects of security. Historically, these new projects have focused on specific security issues; a security tool that handles everything is a dream that has yet to be realized.
Below, we look at five open source tools that aim to help teams follow a DevSecOps model, in which IT departments treat security as a shared, integrated responsibility rather than a task that comes later in the development process. These tools are often fully integrated into maturing commercial Kubernetes platforms. However, the projects themselves offer a good window into the innovation happening in security and an opportunity to try them out as a complement to such platforms.
1. Clair
Vulnerability scanning should be part of an automated DevSecOps CI/CD workflow. It can occur at multiple points in the workflow, and it should continue after software is deployed to production, because new threats are identified in the Common Vulnerabilities and Exposures (CVE) database and deployed images may change.
Clair is an open-source project for static vulnerability analysis of application containers. It is an API-based analysis engine that checks containers layer by layer for known security issues.
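The sketch below is an added example, not Clair's code or API: a simplified model of layer-by-layer analysis in which an image is indexed once and the stored inventory is re-matched whenever the advisory data changes, which is why scanning stays useful after deployment. All function names, layer digests, package versions and advisory IDs are hypothetical, constructed values.

```python
# Constructed sample data: digests, packages and advisory IDs are placeholders,
# not real images or real CVE entries. Simplified model, not Clair's own logic.
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    ident: str        # placeholder ID such as "EXAMPLE-0001"
    package: str
    fixed_in: tuple   # first fixed version, e.g. (1, 2, 4)

def parse_version(v):
    return tuple(int(p) for p in v.split("."))

def index_image(layers):
    """Walk layers base-first; keep each package's final version and the
    layer that set it. Done once per image, then stored."""
    inventory = {}
    for digest, changes in layers:
        for pkg, version in changes.items():
            if version is None:            # package removed in this layer
                inventory.pop(pkg, None)
            else:
                inventory[pkg] = (version, digest)
    return inventory

def match(inventory, advisories):
    """Compare a stored inventory with the current advisory data."""
    findings = []
    for adv in advisories:
        if adv.package in inventory:
            version, digest = inventory[adv.package]
            if parse_version(version) < adv.fixed_in:
                findings.append((adv.ident, adv.package, version, digest))
    return sorted(findings)

def gate(findings):
    # CI decision: fail the pipeline when any advisory matched.
    return "fail" if findings else "pass"

LAYERS = [
    ("sha256:base", {"libfoo": "1.2.3", "shell-utils": "5.0.1"}),
    ("sha256:deps", {"libbar": "2.0.0", "libfoo": "1.2.4"}),  # upgrades libfoo
    ("sha256:app", {"shell-utils": None}),                    # removes a package
]
INVENTORY = index_image(LAYERS)

FEED_AT_BUILD = [Advisory("EXAMPLE-0001", "libfoo", (1, 2, 4)),
                 Advisory("EXAMPLE-0002", "shell-utils", (5, 0, 2))]
FEED_LATER = FEED_AT_BUILD + [Advisory("EXAMPLE-0003", "libbar", (2, 0, 1))]

print("at build:", gate(match(INVENTORY, FEED_AT_BUILD)))
print("after deploy:", match(INVENTORY, FEED_LATER))
```

The image passes at build time because later layers upgraded or removed the packages that the base layer alone would have flagged; the advisory published afterwards is caught without rebuilding, and the finding names the layer that introduced the package.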