Security and DevSecOps. Container Security

Introduction

Quality Gates

16 Gates

  • medium: Focusing on the DevOps Pipeline 🌟 Delivering High Quality Working Software Faster with Agile DevOps. At Capital One, we design pipelines using the concept of the “16 Gates”. These are our guiding design principles and they are:
    • Source code version control
    • Optimum branching strategy
    • Static analysis
    • More than 80% code coverage
    • Vulnerability scan
    • Open source scan
    • Artifact version control
    • Auto provisioning
    • Immutable servers
    • Integration testing
    • Performance testing
    • Build deploy testing automated for every commit
    • Automated rollback
    • Automated change order
    • Zero downtime release
    • Feature toggle
  • github.com/hygieia/Hygieia 🌟 CapitalOne DevOps Dashboard

Kubernetes Threat Modelling

Kubernetes Config Security Threats

Security Linting on Kubernetes

IaC and Security

Multi-Level Security (MLS) vs Multi-Category Security (MCS). Make Secure Pipelines with Podman and Containers

Project Calico

Security Patterns for Microservice Architectures

Anchore Container Security Solutions for DevSecOps

  • Anchore Container image inspection and policy-based compliance

Twistlock and Threat Stack Container Security

OWASP

StackRox

Secure Container Based CI/CD Workflows

Securing Kubernetes With Anchore

GitHub security

Databases in DMZ and Intranet

Removing Credentials From Git Repo

Pentesting

SQL Injection

Credential Managers

Keycloak

Git Credential Manager Core

GitOps Secret Management

HashiCorp Vault

CyberArk and Ansible

CyberArk Conjur

SOPS for Kubernetes

Alternatives with Kubernetes External Secrets

Serverless Security Best Practices

Docker Images & Container Security

Pod Security Policies

Kubernetes Network Policies

Static Analysis SAST

Kubernetes Security Tools

Helm Charts Security

Password Recovery

Books

CVEs