There is little doubt that DevOps philosophies have been taking over in many different types of organizations, providing the advantages of faster time to market as well as greater flexibility and resiliency.
You’ve probably heard about shifting security to the left, or about the need to inject security into each step of the DevOps cycle. But why do we need so much security, how are we supposed to fit it in, and just where is “the left”?
This year at Infosecurity Europe 2018, I’ll be discussing these topics in my talk “Shifting Left: Integrated Container Security and DevSecOps,” which you can find in the Tripwire booth theatre at stand E50.
A slogan of the DevOps movement is to “Move Fast and Break Things,” striking fear into the hearts of traditional IT and security professionals.
Modern teams are moving fast by combining elements of software development and system administration. This rapid delivery is a huge advantage in a demanding and competitive market, but it can also introduce new risks and vulnerabilities if security is compromised for speed.
Effective DevSecOps requires a mix of modern tools and methods with foundational security controls.
For example, build systems, containers and orchestration tools can be used together with more traditional security mechanisms, such as file integrity monitoring, access control and vulnerability management. Implementing controls and security features from the start provides a layered defense against even the most agile attackers. This allows for the advantages of DevOps without sacrificing your organization’s security.
In my presentation, I’ll discuss some of the ways Tripwire can help in the pursuit of a robust DevSecOps practice. I’ll be diving into the Container Analyzer Service, a new offering providing an integration point for vulnerability management of Docker images within your build pipeline. The Container Analyzer Service adds the ability to evaluate Docker images for vulnerabilities before they hit production.