• Home

  • Documents

  • Continuous Security with Jenkins, Docker Bench, and Amazon
13
Continuous Security with Jenkins, Docker Bench, and Amazon Inspector Sandro Cirulli Oxford University Press (OUP) CD Summit and Jenkins Days Amsterdam - Berlin, October 2016

Continuous Security with Jenkins, Docker Bench, and Amazon

  • Upload
    buihanh

  • View
    267

  • Download
    3

Embed Size (px)

Citation preview

Page 1: Continuous Security with Jenkins, Docker Bench, and Amazon

Continuous Security withJenkins, Docker Bench, and Amazon

Inspector

Sandro CirulliOxford University Press (OUP)

CD Summit and Jenkins DaysAmsterdam - Berlin, October 2016

Page 2: Continuous Security with Jenkins, Docker Bench, and Amazon

Content

1. Introduction

2. DevSecOps

3. Docker Bench + Demo

4. Amazon Inspector + Demo

5. Summary

Page 3: Continuous Security with Jenkins, Docker Bench, and Amazon

About Me

I I work as Platform Tech Lead at Oxford University Press

I I am responsible for system administration and DevOps

I I co-organize DevOps Oxford Meetup and we’re looking forspeakers!

3/13

Page 4: Continuous Security with Jenkins, Docker Bench, and Amazon

Oxford University Press (OUP)

I OUP is the largest university press in the world

I OUP is a world-renowned dictionary publisher and the homeof the Oxford English Dictionary

I We recently launched the Oxford Dictionaries API

4/13

Page 5: Continuous Security with Jenkins, Docker Bench, and Amazon

In 2015 an average of 25software vulnerabilities

were discovered every dayNational Vulnerability Database

https://web.nvd.nist.gov/view/vuln/statistics

5/13

https://web.nvd.nist.gov/view/vuln/statistics
Page 6: Continuous Security with Jenkins, Docker Bench, and Amazon

DevSecOps

I DevSecOps is a cultural mindset where everyone isresponsible for security

I Continuous Security, Security as Code, and Security byDesign

I DevSecOps is NOT DevOps + Security

6/13

Page 7: Continuous Security with Jenkins, Docker Bench, and Amazon

Docker Bench

I Docker Bench is a script for checking security best practicesin Docker containers

I Co-developed by Diogo Monica, security lead at Docker

I Based on CIS Docker 1.1.0 Benchmark

7/13

https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.11.0_Benchmark_v1.0.0.pdf
Page 8: Continuous Security with Jenkins, Docker Bench, and Amazon

Demo

Docker BenchTalk is cheap. Show me the code.

Linus Torvalds

Page 9: Continuous Security with Jenkins, Docker Bench, and Amazon

Amazon Inspector

I Amazon Inspector is an automated security assessmentservice on AWS

I Identifies vulnerabilities at operating system and networklevels

I Scans against several rules packages (CVE, CIS, etc.)

9/13

Page 10: Continuous Security with Jenkins, Docker Bench, and Amazon

Demo

Amazon Inspector

Talk is cheap. Show me the code.

Linus Torvalds

Page 11: Continuous Security with Jenkins, Docker Bench, and Amazon

Integration with Jenkins Pipeline

11/13

Page 12: Continuous Security with Jenkins, Docker Bench, and Amazon

Summary

I DevSecOps is cultural mindset where everyone isresponsible for security

I Docker Bench is a script for checking security best practicesin Docker containers

I Amazon Inspector is an automated security assessmentservice on AWS

I Focus on Continuous Security rather than a specific tool

12/13

Page 13: Continuous Security with Jenkins, Docker Bench, and Amazon

Thank you for your attention!

Contact:[email protected]

www.sandrocirulli.net/contact

Slides:www.sandrocirulli.net/cd-summit-and-jenkins-days-2016

Blog Posts:www.sandrocirulli.net/continuous-security-with-jenkins-and-docker-

benchwww.sandrocirulli.net/continuous-security-with-jenkins-and-

amazon-inspector

Links:Oxford Dictionaries API: developer.oxforddictionaries.com

DevOps Meetup Oxford: www.meetup.com/doxford

mailto:[email protected]
http://www.sandrocirulli.net/contact
http://www.sandrocirulli.net/cd-summit-and-jenkins-days-2016
http://www.sandrocirulli.net/continuous-security-with-jenkins-and-docker-bench
http://www.sandrocirulli.net/continuous-security-with-jenkins-and-docker-bench
http://www.sandrocirulli.net/continuous-security-with-jenkins-and-amazon-inspector
http://www.sandrocirulli.net/continuous-security-with-jenkins-and-amazon-inspector
http://developer.oxforddictionaries.com
http://www.meetup.com/doxford

Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?

Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?

Software
Orchestrate Continuous Delivery with Jenkins and Docker

Orchestrate Continuous Delivery with Jenkins and Docker

Engineering
Jenkins + Docker = Continuous Improvement

Jenkins + Docker = Continuous Improvement

Technology
Continuous Integration using Docker & Jenkins Integration using Docker & Jenkins LinuxConEurope2014October13-15,2014 Mattias Giese Solutions Architect B1 Systems GmbH giese@b1-systems.de

Continuous Integration using Docker & Jenkins Integration using Docker & Jenkins LinuxConEurope2014October13-15,2014 Mattias Giese Solutions Architect B1 Systems GmbH [email protected]

Documents
( jenkins, docker ) -> { Continuous Delivery }

( jenkins, docker ) -> { Continuous Delivery }

Engineering
Reduce DevOps Friction with Docker & Jenkins

Reduce DevOps Friction with Docker & Jenkins

Technology
Microservices with Kubernetes, Docker, and Jenkins

Microservices with Kubernetes, Docker, and Jenkins

Technology
Continuous delivery with jenkins, docker and exoscale

Continuous delivery with jenkins, docker and exoscale

Technology
Jenkins, Docker and DevOps: The Innovation Catalysts · JENKINS, DOCKER AND DEVOPS: THE INNOVATION CATALYSTS Docker, Jenkins and Continuous Delivery In just two years, Docker has

Jenkins, Docker and DevOps: The Innovation Catalysts · JENKINS, DOCKER AND DEVOPS: THE INNOVATION CATALYSTS Docker, Jenkins and Continuous Delivery In just two years, Docker has

Documents
Simply your Jenkins Projects with Docker Multi-Stage Builds

Simply your Jenkins Projects with Docker Multi-Stage Builds

Software
Continuous Delivery with Docker and Jenkins Job Builder

Continuous Delivery with Docker and Jenkins Job Builder

Software
Jenkins on Docker

Jenkins on Docker

Technology
Microservices with Docker, Kubernetes, and Jenkins

Microservices with Docker, Kubernetes, and Jenkins

Technology
Continuous Delivery Pipeline with Docker and Jenkins

Continuous Delivery Pipeline with Docker and Jenkins

Software
Jenkins + Pipeline Plugin + Docker

Jenkins + Pipeline Plugin + Docker

Technology
Continuous Security with Jenkins, Docker Bench, and Amazon ...sandrocirulli.net/site/wp-content/uploads/2016/10/... · Amazon Inspector I Amazon Inspector is an automated security

Continuous Security with Jenkins, Docker Bench, and Amazon ...sandrocirulli.net/site/wp-content/uploads/2016/10/... · Amazon Inspector I Amazon Inspector is an automated security

Documents
Jenkins, pipeline and docker

Jenkins, pipeline and docker

Business
Jenkins, Docker and DevOps: The Innovation Catalysts

Jenkins, Docker and DevOps: The Innovation Catalysts

Documents
Boost your APEX Deployment and Provisioning with Docker · Windows 10 und Azure. Benefits ... Jenkins Master Jenkins in Docker Container Commercially Supported Docker Engine Jenkins

Boost your APEX Deployment and Provisioning with Docker · Windows 10 und Azure. Benefits ... Jenkins Master Jenkins in Docker Container Commercially Supported Docker Engine Jenkins

Documents
Docker-based Build Farm for ROS · Docker-based Build Farm for ROS Tully Foote (OSRF), ... Jenkins Master Jenkins Slave ... Puppet Jenkins & Groovy scripting

Docker-based Build Farm for ROS · Docker-based Build Farm for ROS Tully Foote (OSRF), ... Jenkins Master Jenkins Slave ... Puppet Jenkins & Groovy scripting

Documents
Demystifying Docker - JUG Saxony Day · PDF fileDemystifying Docker JUG Saxony Day 2015 Bernd Fischer. Who’s that guy? Passionate Java Developer ... Jenkins-Docker-Image Jenkins

Demystifying Docker - JUG Saxony Day · PDF fileDemystifying Docker JUG Saxony Day 2015 Bernd Fischer. Who’s that guy? Passionate Java Developer ... Jenkins-Docker-Image Jenkins

Documents
Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf

Continuous delivery with Jenkins, Docker and Mesos/Marathon - jbcnconf

Technology
openQA - SUSE€¦ · Jenkins Gerrit Travis Selenium Docker Docker Docker Docker Docker Docker Docker Docker ... openQA runs tests on each Maintenance Update before being released

openQA - SUSE€¦ · Jenkins Gerrit Travis Selenium Docker Docker Docker Docker Docker Docker Docker Docker ... openQA runs tests on each Maintenance Update before being released

Documents
Testing Ansible with Jenkins and Docker

Testing Ansible with Jenkins and Docker

Technology
The DevOps Hero Toolkit: Nexus, Jenkins and Docker

The DevOps Hero Toolkit: Nexus, Jenkins and Docker

Technology
JUC Europe 2015: Scaling Your Jenkins Master with Docker

JUC Europe 2015: Scaling Your Jenkins Master with Docker

Technology
Continuous Integration With Jenkins Docker SQL Server

Continuous Integration With Jenkins Docker SQL Server

Software
Jenkins Peru Meetup Docker Ecosystem

Jenkins Peru Meetup Docker Ecosystem

Engineering
Continuous Integration using Docker & Jenkins

Continuous Integration using Docker & Jenkins

Technology
THE STATE OF DOCKER, JENKINS AND CONTINUOUS DELIVERY › sites › default › ... · Source: CloudBees Survey - The State of Docker, Jenkins and Continuous Delivery, December 2015

THE STATE OF DOCKER, JENKINS AND CONTINUOUS DELIVERY › sites › default › ... · Source: CloudBees Survey - The State of Docker, Jenkins and Continuous Delivery, December 2015

Documents