Continuous Security with Jenkins, Docker Bench, and Amazon Inspector
Sandro Cirulli, Oxford University Press (OUP)
CD Summit and Jenkins Days, Amsterdam - Berlin, October 2016
Content
1. Introduction
2. DevSecOps
3. Docker Bench + Demo
4. Amazon Inspector + Demo
5. Summary
About Me
- I work as Platform Tech Lead at Oxford University Press
- I am responsible for system administration and DevOps
- I co-organize DevOps Oxford Meetup and we're looking for speakers!
Oxford University Press (OUP)
- OUP is the largest university press in the world
- OUP is a world-renowned dictionary publisher and the home of the Oxford English Dictionary
- We recently launched the Oxford Dictionaries API
In 2015 an average of 25 software vulnerabilities were discovered every day
Source: National Vulnerability Database, https://web.nvd.nist.gov/view/vuln/statistics
DevSecOps
- DevSecOps is a cultural mindset where everyone is responsible for security
- Continuous Security, Security as Code, and Security by Design
- DevSecOps is NOT DevOps + Security
Docker Bench
- Docker Bench is a script for checking security best practices in Docker containers
- Co-developed by Diogo Monica, security lead at Docker
- Based on CIS Docker 1.1.0 Benchmark
Demo: Docker Bench
"Talk is cheap. Show me the code." - Linus Torvalds
Amazon Inspector
- Amazon Inspector is an automated security assessment service on AWS
- Identifies vulnerabilities at operating system and network levels
- Scans against several rules packages (CVE, CIS, etc.)
Demo: Amazon Inspector
"Talk is cheap. Show me the code." - Linus Torvalds
Integration with Jenkins Pipeline
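The integration this slide refers to, as an added example that is not the talk's or the docker-bench-security project's code: a POSIX shell gate that a Jenkins pipeline stage can call on the Docker Bench report. It assumes the `[LEVEL] id - text` line format of the constructed sample log; the Jenkinsfile snippet in the comments is hypothetical.

```shell
#!/bin/sh
# Added example (not from the talk or the docker-bench-security project):
# gate a Jenkins build on the Docker Bench log. Docker Bench exits 0 even when
# checks fail, so the pipeline has to parse the report itself.
#
# A hypothetical Jenkinsfile stage would produce and check the log like this
# (see the project README for the full list of mounts and capabilities):
#   sh 'docker run --net host --pid host \
#        -v /var/run/docker.sock:/var/run/docker.sock \
#        docker/docker-bench-security | tee bench.log'
#   sh '. ./bench_gate.sh && bench_gate "$(cat bench.log)" 0 "1.1"'

# Constructed sample of Docker Bench output; the format is "[LEVEL] id - text".
SAMPLE_LOG='[INFO] 1 - Host Configuration
[WARN] 1.1  - Ensure a separate partition for containers has been created
[PASS] 1.2  - Ensure the container host has been Hardened
[INFO] 2 - Docker daemon configuration
[WARN] 2.1  - Ensure network traffic is restricted between containers on the default bridge
[PASS] 2.2  - Ensure the logging level is set to "info"
[NOTE] 2.3  - Ensure Docker is allowed to make changes to iptables'

# count_level LEVEL LOG: number of result lines at LEVEL (WARN, PASS, INFO, NOTE).
count_level() {
    printf '%s\n' "$2" | grep -c "^\[$1\]" || true
}

# bench_gate LOG MAX_WARN ALLOWLIST: succeed only if the number of WARN checks
# not listed in ALLOWLIST (space-separated check ids the team has reviewed and
# accepted) is at most MAX_WARN. Each unaccepted id goes to stderr so the
# Jenkins console shows exactly which CIS checks failed.
bench_gate() {
    log="$1"; max_warn="$2"; allow="$3"
    warn_ids=$(printf '%s\n' "$log" | grep '^\[WARN\]' | awk '{print $2}')
    n=0
    for id in $warn_ids; do
        case " $allow " in
            *" $id "*) ;;                                   # accepted, not counted
            *) n=$((n + 1)); echo "unaccepted WARN: $id" >&2 ;;
        esac
    done
    [ "$n" -le "$max_warn" ]
}

# Stand-alone run on the sample: both warnings are accepted, so the gate passes.
bench_gate "$SAMPLE_LOG" 0 "1.1 2.1" && echo "docker bench gate passed"
```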
Summary
- DevSecOps is a cultural mindset where everyone is responsible for security
- Docker Bench is a script for checking security best practices in Docker containers
- Amazon Inspector is an automated security assessment service on AWS
- Focus on Continuous Security rather than a specific tool
Thank you for your attention!
Contact: [email protected]
www.sandrocirulli.net/contact
Slides: www.sandrocirulli.net/cd-summit-and-jenkins-days-2016
Blog Posts:
www.sandrocirulli.net/continuous-security-with-jenkins-and-docker-bench
www.sandrocirulli.net/continuous-security-with-jenkins-and-amazon-inspector
Links:
Oxford Dictionaries API: developer.oxforddictionaries.com
DevOps Meetup Oxford: www.meetup.com/doxford