DevSecOps Articles

Kubernetes CI/CD Best Practices

With all of the benefits that Kubernetes has, having good CI/CD practices is key. Kubernetes did not magically erase the discipline that your CI/CD journey has taken you on before Kubernetes. Leverage Kubernetes’s strengths to further your CI/CD journey. Click Here to Learn more.

TOP 10 CI/CD SECURITY RISKS

This open sourced guidance available here helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and security flaws.

WHAT DEVSECOPS IN AZURE MEANS?

Published: 8/15/2021

DevSecOps involves the following:


The data flow and security perspective start with Azure AD, GitHub security scanning, container image scanning, and Continuous monitoring with Azure Sentinel.


As an addition and final part of a DevSecOps flow, Azure Security Center will be able to do active threat monitoring on the Azure Kubernetes service, on both Node level and internals.


WHAT IS YOUR DEVSECOPS TOOLCHAIN?

Published: 8/15/2021

Gartner addresses strategic planning as a DevSecOps best practice is what in their Integrating Security Into the DevSecOps Toolchain report. Such planning is crucial because it enables enterprises to face the key challenges that DevOps poses to their in-house development, operations, and security teams. 

Security and risk management must adapt security tools, processes, and policies to the DevOps toolchain without slowing the development and release process.