Gordon Huff
DevSecOps teams make security an integral part of the entire application lifecycle. Gordon Huff, technology evangelist at Red Hat, shares five open source projects they can build on, in an article for The Enterprisers Project.
One of the most active areas of the cloud native landscape is projects related to various aspects of security. Historically, these new projects have focused on specific security issues; a security tool that handles everything is a dream that has yet to be realized.
Below, we look at five open source tools that aim to help teams follow a DevSecOps model, in which IT departments treat security as a shared, integrated responsibility rather than a task that occurs later in the development process. These tools are often fully integrated into maturing commercial Kubernetes platforms. However, these projects themselves offer a good window into the innovation happening in security and an opportunity to try them out as a complement to such platforms.
1. Clair
Vulnerability scanning should be considered part of an automated DevSecOps CI/CD workflow. It can occur at multiple points in the workflow, and it should continue after software is deployed to production, both because new threats keep being identified in the Common Vulnerabilities and Exposures (CVE) database and because deployed images may change.
Clair is an open-source project for static vulnerability analysis of application containers. It is an API-based analysis engine that checks containers layer by layer for known security issues.
Using Clair, you can create services that continuously monitor container vulnerabilities. This type of service is especially important when organizations download container images directly. However, even when containers are built from source, vulnerabilities can creep in over time as new ones emerge.
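The following added example is not from the original article and is not Clair's code or API. It is a simplified Python model of layer-by-layer matching that shows why an unchanged image needs rescanning as new advisories appear; all layer, package and advisory names are constructed.

```python
# Simplified model of layer-by-layer matching (not Clair's code or API); all data is constructed.
def parse_version(v):
    """Turn '1.0.10' into (1, 0, 10) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))

def index_image(layers):
    """Walk layers in order; keep each package's final version and the layer that set it."""
    index = {}
    for layer in layers:
        for name, version in layer.get("add", {}).items():
            index[name] = {"version": version, "layer": layer["id"]}
        for name in layer.get("remove", []):
            index.pop(name, None)
    return index

def match(index, advisories):
    """Return findings for packages installed below the advisory's fixed version."""
    findings = []
    for adv in advisories:
        pkg = index.get(adv["package"])
        if pkg and parse_version(pkg["version"]) < parse_version(adv["fixed_in"]):
            findings.append({"id": adv["id"], "package": adv["package"],
                             "layer": pkg["layer"], "severity": adv["severity"]})
    return sorted(findings, key=lambda f: f["id"])

def gate(findings, blocking=("High", "Critical")):
    """CI/CD gate: True means the image may proceed."""
    return not any(f["severity"] in blocking for f in findings)

# Constructed image: a base layer, an upgrade layer, and an application layer.
LAYERS = [
    {"id": "layer-0-base", "add": {"libexample": "1.0.2", "toolkit": "2.4.0"}},
    {"id": "layer-1-upgrade", "add": {"libexample": "1.0.9"}},
    {"id": "layer-2-app", "add": {"appdep": "0.3.1"}, "remove": ["toolkit"]},
]
# Constructed advisory feed on the day the image was built...
FEED_AT_BUILD = [
    {"id": "EXAMPLE-0001", "package": "libexample", "fixed_in": "1.0.5", "severity": "High"},
    {"id": "EXAMPLE-0002", "package": "toolkit", "fixed_in": "2.5.0", "severity": "Critical"},
]
# ...and later, after a new advisory is published against the unchanged image.
FEED_LATER = FEED_AT_BUILD + [
    {"id": "EXAMPLE-0003", "package": "appdep", "fixed_in": "0.4.0", "severity": "High"},
]
INDEX = index_image(LAYERS)  # computed once, reused for every rescan

if __name__ == "__main__":
    for label, feed in (("at build", FEED_AT_BUILD), ("later", FEED_LATER)):
        print(label, gate(match(INDEX, feed)), [f["id"] for f in match(INDEX, feed)])
```

The image passes the gate at build time and is blocked later without a single byte of it changing, and the finding names the layer that introduced the affected package.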
DevSecOps: Five Open Source Projects