Infrastructure scan & Encryption

When (day):
11th - Thursday
14:00 - 16:00
Zoom link will be available very soon

Training Session Video

Notable logs from the chat during the session

14:35:52 From evanjones : Q.) What about Pulumi in regards to being used a IaC?
14:47:25 From Barak Schoster :
14:50:33 From Corcoran Smith : Checkov is The Answer
14:51:04 From Barak Schoster :
14:51:10 From Barak Schoster : brew tap bridgecrewio/checkov
brew update
brew install checkov
14:51:13 From Corcoran Smith : Checkov even works on Windows :wink:
14:59:52 From Corcoran Smith : Secrets in TF state are a massive headache, for sure. Sops, Hashi Vault both help here. 15:07:10 From Didar Gelici : can you show how to exit vim?
15:07:12 From Didar Gelici : lol
15:07:38 From evanjones : Or :wq if you want to save
15:11:33 From Didar Gelici :
15:11:34 From Didar Gelici :
15:12:06 From Corcoran Smith : Custom rules and store them in a GitHub repo? :wink:
15:36:21 From evanjones : Twitter handle?
15:36:31 From Barak Schoster : @BarakSchoster

About this talk:

Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream.

In this talk:

  • We’ll cover the current state of infrastructure security in the open source registries.

  • From there we will continue to discuss best practices for writing, testing, and maintaining infrastructure at scale, keeping the infrastructure code secured using open source scanners.

  • We will cover infrastructure security use cases like encryption, public facing data entities and plain text secrets, And will show how to find those using policy as code.

Session Contents

Back to list of all Training Sessions