Open source software is ubiquitous. While open source enables organizations to accelerate new features, applications that leverage open source and container images are a growing security concern. As noted in Snyk’s State of Open Source Security report for 2020, 74% of vulnerabilities exist in indirect Java dependencies, and 9 of the top 10 most popular container images on Docker Hub had 50 or more vulnerabilities.
It’s clear that traditional security tools, practices, and processes cannot simply be retrofitted to secure modern cloud native application development.
The current DevOps mindset and methodology needs to incorporate security as a first-class principle. In this workshop, attendees will learn how to do exactly that using Snyk.
You’ll learn how to:
- Manage and secure your open source dependencies for vulnerabilities.
- Import source code repo from GitHub.
- Discover its vulnerabilities and prioritization score to resolve top vulnerabilities.
- Review its dependency tree to understand which component is introducing the vulnerability.
- Review the remediation advice and how to implement it.
- Generate a pull request in GitHub, and merge our PR.
- Integrate security into an existing CI/CD pipeline and enforce your security gate policies.
- Build a container image for our application, scan it, and then build a secure image.
- Review our Kubernetes deployment files using Snyk Infrastructure as Code to enforce policy and eliminate misconfigurations.
Attendee Prerequisites
- A GitHub account
- A free Snyk account
- A Docker Hub, ECR, ACR, or GCR account with access to read/write
Requirements
By signing up for this workshop, you consent to have your information shared with Snyk.