Security: The Value of SBOMs

•

0 recomendaciones•391 vistas

Watch this talk on YouTube: https://youtu.be/-3K74I7t7CQ Securing the Software Supply Chain has become a focus of cybersecurity efforts the world over. One aspect of this is with the generation and verification of a Software Bill of Materials (SBOM). But what is an SBOM and how would you go about setting this up for your cloud native container/applications/pipeline? The Flux team recently published a blog on this very topic and how they’ve gone about implementing these measures. During this session, Dan Luhring, OSS Engineering Manager at Anchore, will dive into SBOMs - what they are, why you need them, some common use cases and how to get your pipeline ready for SBOM generation and verification using the Flux SBOM as an example. Resources Anchore: A comprehensive, continuous security and compliance platform to protect your cloud-native applications. Anchore’s OSS tools featured during this session: - Syft: A CLI tool for generating a Software Bill of Materials (SBOM) from container images and file systems - Grype: An easy-to-integrate open source vulnerability scanning tool for container images and file systems. Speaker Bios: Dan Luhring heads up OSS at Anchore, where he leads the software engineering team that develops Syft and Grype. Dan is drawn deeply into the cloud native security space, where he focuses on container workflows and developer experience. Dan believes in making software more secure by making life better for software engineers and security practitioners. Dan is a maintainer of Sigstore’s Cosign project, and he loves partnering with other people to find solutions to daunting challenges. Priyanka (aka “Pinky”) is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at State Farm where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe.

Tecnología

1
March 24, 2022
Security: The Value of SBOMs
Dan Luhring, OSS Engineering Mgr, Anchore
Brady Todhunter, Lead DevOps Eng, Anchore
Priyanka “Pinky” Ravi, DX Engineer, Weaveworks
Stacey Potter, Community Manager, Weaveworks

2
Weaveworks is founded on open source
● Flux & Flagger (CNCF): GitOps and Progressive Delivery for k8s
● Cortex (CNCF): Distributed, Long-term-storage TSDB compatible with
Prometheus
● Weave Ignite: VMs with container UX & built-in GitOps management
● EKSctl: Create an Amazon EKS cluster with one command
● (and many many more projects!)
And now … Weave GitOps!
weave.works

3
Speakers Help/Support
Dan Luhring
OSS Engineering Mgr
Anchore
Brady Todhunter
Lead DevOps Eng.
Anchore
Priyanka Ravi
DX Engineer
Weaveworks
Stacey Potter
Community Manager
Weaveworks
Browser
Safari copy/paste
shortcuts may not work
Using Zoom
Questions?
• Use chat (button: top
left corner of screen)
• Escape to exit full
screen
• “To Everyone” or “To
all panelists and
attendees”
Support:
https://support.zoom.us/hc/
en-us/articles/206175806-T
op-Questions
Troubleshooting
Use chat
If the issue is not easily resolved,
we ask that you follow along as
we demo the sample app.
Security: The Value of SBOMs Duration
30-60 Minutes

4
● GitOps is an app dev and operations methodology
● GitOps is a methodology, not a speciﬁc tool or
technology.
● GitOps applies to everything
and brings business value.
What is GitOps?...and why do I want it?

6
👋 Get Connected 💬 🤝
● ⭐ Star us on GitHub ⭐
● Check out the Flux docs at: fluxcd.io/docs/get-started/
● GitHub Discussions Q&A:
https://github.com/fluxcd/flux2/discussions/categories/q-a
● CNCF Slack #Flux channel (or get a slack invite)

7
Mar 29: OpenSource101: WTF is GitOps & Why Should you Care?
Mar 30: From Zero to GitOps Heroes!
Mar 31: GitOps for Helm Users!
May 16-20: Flux Booth at KubeCon!
June 8-9: GitOps Days 2022! (gitopsdays.com)
Upcoming Events

Dan Luhring
Manager of Open Source Engineering, Anchore
luhring
danluhring
dan.luhring@anchore.com

Software bill of materials (“SBOM”)
● A “list of ingredients” for a software artifact
● Exposes what software is made up of
● Several different uses…
■ Vulnerability scanning
■ Software transparency
■ Policy

Anchore
Forging the Future of Software Security.
Anchore is creating a more secure software supply chain for
priceless peace of mind.

Anchore’s Open Source Tools
Developer-friendly scanning tools for container image security

The story of SBOMs at Flux
Cloud Native Computing Foundation (CNCF)
The Cloud Native Computing Foundation (CNCF) is an open source software foundation that promotes the
adoption of cloud-native computing.
Maturity Levels: Sandbox ➡ Incubating ➡ Graduation
CNCF projects have a maturity level of sandbox, incubating, or graduated, which corresponds to the
Innovators, Early Adopters, and Early Majority tiers of the Crossing the Chasm diagram. The maturity
level is a signal by CNCF as to what sorts of enterprises should be adopting different projects.
July 2019: Flux joins CNCF as a Sandbox Project 🏜 ⌛ 🏝
July 2020: Flux was one of only two projects in the ‘adopt’ category of CNCF CD Tech Radar 📡 ⚙ 💻
March 2021: Flux goes from Sandbox to Incubation 🥚 ⏲
November 2021: Flux Security Audit concludes in preparation for Graduation application 📄 📝
March 2022: Flux applies for Graduation 🤞🤞 🎉 🎓 🎉 🎓 🎉 🎓 🤞🤞

Here’s how Flux did it!
Initialize artifact
.goreleaser.yml

Here’s how Flux did it!
Generate release artifacts
Create release and SBOM

Flux at Anchore
How we use Flux:
● We manage 2 clusters using Flux
● Environments are set up differently
● Image Automation
What I love about Flux:
● Developer empowerment
● Flexibility in deployments
● Source of truth for deployments
● Uses native kubernetes mechanisms

Más contenido relacionado

La actualidad más candente

Understanding container security

John Kinsella

Why kubernetes matters

Platform9

Docker Container Security

Suraj Khetani

Introduction to docker

Frederik Mogensen

In this session Stefan will go deep into the security aspects of Flux v2. We’ll start by explaining the Flux authorization model and how it relates to Kubernetes RBAC and account impersonation. Then we’ll compare the soft and hard multitenancy models from a GitOps perspective. We’ll explore the configuration options on how platform admins can lockdown Flux on multitenant environments and how they can onboard tenants onto clusters using the Flux CLI and Git. Finally we’ll talk about the Flux roadmap for 2022.

KubeCon 2022 EU Flux Security.pdf

Weaveworks

Slide DevSecOps Microservices

Hendri Karisma

Edureka-DevOps-Ebook.pdf

relekarsushant

DevSecOps: What Why and How : Blackhat 2019

NotSoSecure Global Services

SecDevOps

Peter Lamar

An introduction to the devsecops webinar will be presented by me at 10.30am EST on 29th July,2018. It's a session focussed on high level overview of devsecops which will be followed by intermediate and advanced level sessions in future. Agenda: -DevSecOps Introduction -Key Challenges, Recommendations -DevSecOps Analysis -DevSecOps Core Practices -DevSecOps pipeline for Application & Infrastructure Security -DevSecOps Security Tools Selection Tips -DevSecOps Implementation Strategy -DevSecOps Final Checklist

Introduction to DevSecOps

Setu Parimi

Docker 101 - Nov 2016

Docker, Inc.

Watch this recording here: https://youtu.be/U2n3oYuIIfc Amazon EKS Anywhere is an open-source tool which helps you create and manage Kubernetes clusters on-premises. EKS Anywhere allows you to manage your Kubernetes clusters in a scalable and declarative manner with the help of GitOps, powered under-the-hood with CNCF Flux. In this session, Dan will share how EKS Anywhere integrates with Flux and uses GitOps workflows to manage the cluster lifecycle. Resources: AWS EKS Anywhere on GitHub: https://github.com/aws/eks-anywhere AWS EKS Anywhere: https://aws.amazon.com/eks/eks-anywhere/ AWS EKS Anywhere docs site: https://anywhere.eks.amazonaws.com/ AWS EKS Anywhere: Managing a Cluster with GitOps: https://anywhere.eks.amazonaws.com/docs/tasks/cluster/cluster-flux/ Speaker Bio: Dan is a Software Engineer on the AWS EKS Anywhere team, working on tools to help developers easily build and manage Kubernetes clusters on premises. In the past, Dan has worked as a System Administrator, DevOps Engineer, SRE, gardener, cook and professional door-knocker. When he’s not helping to build EKS Anywhere you can find him weeding the garden or in the kitchen working his way through another cookbook.

GitOps with Amazon EKS Anywhere by Dan Budris

Weaveworks

Spring Cloud: Why? How? What?

Orkhan Gasimov

Istio : Service Mesh

Knoldus Inc.

Introduction to Kubernetes

rajdeep

DevSecOps reference architectures 2018

Sonatype

Docker

A.K.M. Ahsrafuzzaman

Devops Devops Devops, at Froscon

Kris Buytaert

Docker internals

Rohit Jnagal

SCS DevSecOps Seminar - State of DevSecOps

Stefan Streichsbier

La actualidad más candente (20)

Understanding container security

Why kubernetes matters

Docker Container Security

Introduction to docker

KubeCon 2022 EU Flux Security.pdf

Slide DevSecOps Microservices

Edureka-DevOps-Ebook.pdf

DevSecOps: What Why and How : Blackhat 2019

SecDevOps

Introduction to DevSecOps

Docker 101 - Nov 2016

GitOps with Amazon EKS Anywhere by Dan Budris

Spring Cloud: Why? How? What?

Istio : Service Mesh

Introduction to Kubernetes

DevSecOps reference architectures 2018

Docker

Devops Devops Devops, at Froscon

Docker internals

SCS DevSecOps Seminar - State of DevSecOps

Similar a Security: The Value of SBOMs

Watch this talk on YouTube here: https://youtu.be/8xhEPPA6XUs Some organizations depend heavily on their Terraform scripts because they are using multiple providers, have built wrappers around those providers, and might even be deploying their application code along with Terraform. Additionally, GitOps is in every IT roadmap, but unfortunately Terraform doesn’t have an easy way to reconcile its resources. This means that teams won't notice a sudden change in the running environment often with critical consequences. What if teams could ensure that what they defined in the Terraform HCL code is what is always running and available? Flux can continuously look for changes on your Terraform resources and do reconciliation with the desired state. You can rest easy knowing that your deployments are always up to date with your desired state. This enables you to take advantage of all the benefits of GitOps: streamlined and secure deployments, quicker time to market, and more time to concentrate on app development! Priyanka provides an in-depth look at TF-controller, a Flux-based controller to reconcile your Terraform resources the GitOps Way. Pinky shares insights on the many benefits of TF-Controller, then demo a common use case implementation. Speaker Bio: Priyanka “Pinky” Ravi is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at a large insurance company where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe.

Reconcile Terraform Resources the GitOps Way with Priyanka Ravi

Weaveworks

DockerDay2015: Keynote

Docker-Hanoi

DockerCon SF 2015: Keynote Day 1

Docker, Inc.

Cloud to Edge

Wesley Reisz

CNCF Keynote - What is cloud native?

Weaveworks

DockerCon EU 2015: Day 1 General Session

Docker, Inc.

Watch the recording here: https://youtu.be/6_dlU9WYBeY Is your team stuck working weekends during an upgrade? Dealing with long deployment windows due to manual processes? Are you tired of dealing with too many vendor tools, or not having an audit trail for compliance? There's got to be a better way! There is, and during this session Priyanka "Pinky" Ravi will give you an overview of how to get better security, velocity, and reliability with GitOps, and then how to get GitOps going on your own machine! By the end of this talk, you'll see two easy paths to getting GitOps up and running using Flux on Kubernetes. You'll see GitOps in action with a sample app that you deploy and then customize using configs. And then you'll hear ways that delivery and platform teams today are benefitting from GitOps, saving them from headaches, boredom, fires, and saving them time and money. Join us! Resources: ⭐️ Weave GitOps - https://docs.gitops.weave.works/docs/getting-started/ ⭐️ Flux - the GitOps family of projects: fluxcd.io ⭐️ Get Started with Flux Guide: https://fluxcd.io/docs/get-started/ ⭐️ Flux GitHub Repo: https://github.com/fluxcd/flux2 ⭐️ Flux on CNCF Slack: https://cloud-native.slack.com/messages/flux (or get an invite here: https://slack.cncf.io/)

Get Started with Flux

Weaveworks

CNCF Introduction - Feb 2018

Krishna-Kumar

Machine learning in cybersecutiry

Vishwas N

Tsunami of Technologies. Are we prepared?

msyukor

Top 5 benefits of docker

John Zaccone

Building specialized container-based systems with Moby: a few use cases This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios. We will cover Moby itself, the framework, and tooling around the project, as well as many of it’s components: LinuxKit, InfraKit, containerd, SwarmKit, Notary. Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.

Moby Open Source Summit North America 2017

Patrick Chanezon

UniK - a unikernel compiler and runtime

Lee Calcote

How to Contribute to Cloud Native Computing Foundation

CodeOps Technologies LLP

How to contribute to cloud native computing foundation (CNCF)

Krishna-Kumar

The world of Docker and Kubernetes

vty

3.cncf meetup / techfoce vol.7

Juraj Hantak

如何在 Ubuntu 上更快、更便捷地部署物联网设备

Rex Tsai

Recently Flux has released two new features (OCI and Cosign) for scalable and secure GitOps. Juozas Gaigalas, a Developer Experience Engineer at Weaveworks, will demonstrate how developers and platform engineers can quickly create scalable and Cosign-verified GitOps configurations using VS Code GitOps Tools extension. New and experienced Flux users can learn about Flux’s OCI and Cosign support through this demo.

Flux Security & Scalability using VS Code GitOps Extension

Weaveworks

Programming the world with Docker

Patrick Chanezon

Similar a Security: The Value of SBOMs (20)

Reconcile Terraform Resources the GitOps Way with Priyanka Ravi

DockerDay2015: Keynote

DockerCon SF 2015: Keynote Day 1

Cloud to Edge

CNCF Keynote - What is cloud native?

DockerCon EU 2015: Day 1 General Session

Get Started with Flux

CNCF Introduction - Feb 2018

Machine learning in cybersecutiry

Tsunami of Technologies. Are we prepared?

Top 5 benefits of docker

Moby Open Source Summit North America 2017

UniK - a unikernel compiler and runtime

How to Contribute to Cloud Native Computing Foundation

How to contribute to cloud native computing foundation (CNCF)

The world of Docker and Kubernetes

3.cncf meetup / techfoce vol.7

如何在 Ubuntu 上更快、更便捷地部署物联网设备

Flux Security & Scalability using VS Code GitOps Extension

Programming the world with Docker

Más de Weaveworks

LLMs are one of the rising workloads on Kubernetes and so are the complexities of deploying, managing and fine-tuning them. With this latest extension we can offer a strong blueprint for enterprises on how to keep LLMs OCI contained with the use of Kubernetes, Flux and Weave AI Controllers. The Highlights: * Simplified deployment, management, and fine-tuning of LLMs on any Kubernetes infrastructure. * Strong security and governance ensured through GitOps workflows and a robust signing and verification process. The Whys: * Security, Governance & Compliance: Ensures vulnerability-free and compliant deployments. * Seamless Integration: Works with existing systems, including Red Hat OpenShift. * GitOps for Productivity & Collaboration: Leverages the power of Flux and Kubernetes for automated, streamlined workflows. The Weave AI Controllers are an out of the box extension for Flux and are shipped and supported with Weave GitOps Assured (https://www.weave.works/product/gitops) and Enterprise (https://www.weave.works/product/gitops-enterprise/). Read our latest blog for more information (https://www.weave.works/blog/weave-ai-controllers) and visit GitHub to get started - https://github.com/weave-ai/weave-ai

Weave AI Controllers (Weave GitOps Office Hours)

Weaveworks

Flamingo is an open source tool that allows for integrated use of both Flux and ArgoCD, the two leading GitOps solutions available today. * See how to integrate the two most used CNCF projects together to create flexible and extensible GitOps solutions. * Learn how to use Flux’s powerful and secure controllers with ArgoCD’s web-based GUI. * Understand how Flamingo provides a path towards Platform Engineering for ArgoCD users. * Explore extending ArgoCD to manage Infrastructure as Code through Flux’s Terraform Controller. For more information visit: https://github.com/flux-subsystem-argo/flamingo

Flamingo: Expand ArgoCD with Flux (Office Hours)

Weaveworks

Flux, the original GitOps project, began its development in a small London office back in 2017 with the goal to bring continuous delivery (CD) to developers, platform and cluster operators working with Kubernetes. From donating the project to the CNCF, its continued growth within the cloud native community, to its achievement of passing rigorous battle tests for security, longevity and governance, it’s little wonder that Flux v2 has reached yet another celebratory milestone – General Availability (GA). Flux is the GitOps platform of choice for many enterprise companies such as SAP, Volvo Cars, and Axel Springer; and is embedded within AKS, Azure Arc and EKS Anywhere. It provides extensive automation to CI/CD, security and audit trails, and reliability through canary deployments and rollback capabilities. Join this webinar by Flux maintainers and creators and discover: * Latest release features and roadmap for the future. * Interesting use cases for Flux (e.g security). * Flux capabilities you may not be aware of (e.g. extensions). * Joining the vibrant Flux community. * How to leverage Flux in a supported enterprise environment today.

Webinar: Capabilities, Confidence and Community – What Flux GA Means for You

Weaveworks

Although not an entirely new concept, Platform Engineering and Internal Developer Platforms (IDPs) are all the rage due to their potential to increase development velocity and deployment frequency while boosting reliability and security. Join Joe Dahlquist, VP of PMM and Mohamed Ahmed, VP of Developer Platforms at Weaveworks to learn the 6 tell-tale signs your company should implement a platform engineering approach. The webinar draws on hundreds of conversations with SRE’s, developers, and platform engineering teams to help you better understand what works, what doesn’t and what might be missing from your strategy. Attendees can apply these learnings to their first (or next) developer platform regardless of your build vs. buy journey. You will learn: * The difference between Internal Developer Platforms and Platform Engineering * Why platform engineering now? * How Dev and Ops benefit from an IDP * 6 tell-tale signs to start platform engineering * Drafting your platform engineering strategy - where to begin and what to avoid

Six Signs You Need Platform Engineering

Weaveworks

In today's technology-driven landscape, ensuring the reliability and stability of systems is critical for organizations to deliver exceptional user experiences. Site Reliability Engineering (SRE) has emerged as a proven methodology to achieve operational excellence and elevate performance. By combining SRE and GitOps, organizations can leverage the benefits of both methodologies. GitOps provides a reliable and auditable approach to managing infrastructure and application changes, ensuring that all deployments are version-controlled and consistent across environments. This aligns with the SRE principle of implementing standardized and automated processes for maintaining system reliability. Join our live webinar as we introduce the fundamentals and significance of SRE and GitOps, and provide actionable strategies for implementation. We’ll also explore the features of Weave GitOps that integrate SRE and GitOps practices to streamline workflows to support system reliability and stability. You will learn: An overview and correlation of key SRE and GitOps best practices The 5 keys DORA metrics for measuring performance of software delivery. How to leverage continuous delivery and progressive delivery to enhance application stability. How Weave GitOps can reliably simplify the management of infrastructure and applications, with real-world customer examples illustrating their impact.

SRE and GitOps for Building Robust Kubernetes Platforms.pdf

Weaveworks

One of the key values of GitOps relies on its fully declarative single source of truth in Git for the desired state of your entire system – configuration that continuously reconciles with the runtime of the system. Validating committer identity in your Git repository is a critical component towards a secure GitOps solution. Although basic capabilities are provided by Git service providers, more granular controls for governance and compliance are a requirement to satisfy most enterprise grade implementations. How do you keep that end to end process secure, from Git to Runtime? Join Weaveworks and Chainguard for a live webinar where we will look at how Chainguard Enforce for Git together with Weave GitOps Enterprise Policy Engine allows you to secure your end to end GitOps workflows, from Git to Runtime. You will learn how to: - Use Chainguard Enforce for Git to ensure only authorized GitOps tooling can modify your desired state. - Provide a secure identity to Weave GitOps Enterprise for all Git operations. - Use Weave GitOps Policy Engine to guarantee compliance on admission.

Webinar: End to End Security & Operations with Chainguard and Weave GitOps

Weaveworks

Watch the recap: https://youtu.be/gKR95Kmc5ac In this KubeCon Europe 2023 session, Stefan and Hidde will talk about the latest developments of Flux around the Open Container Initiative (OCI). The focus will be on how OCI can serve as the single source of truth for both application code (container images) and configuration (OCI artifacts). We will start by explaining how Flux can be used as a package manager for distributing Kubernetes configs and Terraform modules as OCI artifacts. Afterwards, we will demonstrate how to build a secure delivery pipeline that leverages Flux integrations with GitHub Actions and keyless signatures from Sigstore Cosign. Lastly, we will touch upon the upcoming plans for 2023 and the significance of OCI in the future of continuous delivery with Flux.

Flux Beyond Git Harnessing the Power of OCI

Weaveworks

In today’s economic climate, IT departments are feeling the pressure to reduce costs which can have a significant effect on development teams, and more specifically, Kubernetes strategies. For many organizations, there is a good chance that many Kubernetes resources are overprovisioned, and it’s often difficult to visualize which processes are responsible for this unnecessary spend. Weaveworks has joined forces with KubeCost to show you how to “do more with less” by easily integrating a Kubernetes FinOps solution into your existing workflows and seamlessly automating the provisioning and management of FinOps enabled Kubernetes clusters from a single UI / dashboard. Join this webinar to discover best practices for monitoring and reducing Kubernetes spend, while balancing cost, performance, and reliability. What you’ll learn: - Best practices for implementing a FinOps strategy in your organization. - Cluster management and templating capabilities using Weave GitOps for automating FinOps. - How to use predefined, automated policies for reliable cost control across your Kubernetes environment.

Automated Provisioning, Management & Cost Control for Kubernetes Clusters

Weaveworks

Picture this… It’s the middle of the night on a Saturday, and the sound of slack messages rolling in rouses you from slumber. Then two text messages chime in quick succession. As you grab your phone and pry open an eye to figure out WTF, the phone rings - and it’s your boss!? You stammer out a “Hello?” She sounds alarmed. “Wake up, we have a big problem” “It’s two-in-the-morning, what problem?” you croak back. “I guess you missed the alerts while you were sleeping…API endpoints in prod are getting knocked over, and the tokens responsible are yours.” “They’re what? How?” “Get to your machine and jump on the meeting link I just sent - everybody’s waiting” Yikes. Join Weaveworks for some real-world tales from the trenches, and learn about the 5 simple things you can do to prevent making a royal mess of Tenancy in Kubernetes. Hear from developers that got that late night call because of a bone-headed accident, and teams affected by gob-smacking access and permissions foul-ups. Luckily for us, they were happy to tell us the tales so we can learn from their pain. Weave GitOps Workspaces is a new feature that enables multi-tenancy so platform engineers can scale their GitOps workflows across numerous development teams. Oh yeah, it also wards -off wake-up calls in the middle of the night, which is nice. Watch this webinar recording to learn: - How Weave GitOps simplifies tenancy management - How security guardrails keep you from blowing a hole in your app, and across your team - 5 takeaways for enabling Kubernetes tenancy safely and effectively for your teams

How to Avoid Kubernetes Multi-tenancy Catastrophes

Weaveworks

An internal developer platform (IDP) is a set of standardized tools and technologies that enables development teams to self-service, offering convenient access to resources they need to create and deploy compliant code. The ultimate goal is to facilitate automation, autonomy and productivity across large teams. However, creating an IDP is highly complex, especially when bridging hybrid scenarios. In fact, build timelines can take anywhere between one to two years! In this Techstrong Learning Experience, we will discuss how platform engineers can more efficiently build an IDP with Amazon EKS and Weave GitOps and accelerate cloud-native adoption while speeding up migration of existing applications to the cloud. Our experts will also introduce EKS Blueprints, a collection of infrastructure-as-code (IaC) modules like Terraform and AWS Cloud Development Kit (AWS CDK) that will help you configure and deploy consistent EKS clusters across on-premises and cloud. Key Takeaways: - Why you should build a self-service IDP - How to leverage EKS, GitOps and EKS Blueprints to build your IDP - A review of use cases and benefits of an IDP

Building internal developer platform with EKS and GitOps

Weaveworks

GitOps is amazing... until you can't apply it! This has been the case mostly for testing where it continues to be more of a push than a pull in organizations' DevOps pipelines. Join us in this talk to learn the benefits of improving your existing testing pipeline with Testkube, an open source project that brings tests inside your Kubernetes cluster, and FluxCD adding the GitOps sprinkles to testing! Speaker: Abdallah Abedraba, Product Leader at Testkube Abdallah works at Testkube, a Kubernetes native testing framework. In his prior experiences, he has tried everything from software engineering to product management, and now working as a Developer Advocate, on open source (a dream of his!) evangelizing all things Testing and Kubernetes. In his free time, he enjoys attending developer conferences and meetups, as well as spending time at the movies and actively listening to music.

GitOps Testing in Kubernetes with Flux and Testkube.pdf

Weaveworks

You may not think of "GitOps" and "service mesh" together – but maybe you should! These two wildly different technologies are each enormously capable independently, and combined they deliver far more than the sum of their parts: a single Git commit can control workflows customized for your exact situation by taking advantage of the service mesh's ability to measure and manipulate traffic anywhere in your application's call graph, and you can rest easy knowing that Git is preserving the complete configuration for your entire application every step of the way. See how these technologies can work together to tackle complex problems in cloud-native applications. What you’ll get out of this: * Understand what GitOps and service meshes can - and can't - do for you. * Understand basic operations with GitOps and Linkerd. * Understand the basics of continuous deployment with Weave GitOps and Linkerd.

Intro to GitOps with Weave GitOps, Flagger and Linkerd

Weaveworks

Soft multi-tenancy can be hard to achieve and secure. Multiple tenants sharing the same cluster means there are global objects, like Custom Resource Definitions (CRDs), namespaces, and so on, that you don’t want tenants controlling. Platform admins, cluster admins, and tenants, should be separated, with dedicated namespaces, role bindings, node groups, taints and tolerations, etc. With Flux, tenant isolation is enforced by default, so you don’t have to worry about accidental tenant cross-over / cross-contamination. In this session, Priyanka “Pinky” Ravi, Developer Experience Engineer at Weaveworks, will walk you through how to set up multi-tenancy on an existing Kubernetes cluster and manage several tenants within the cluster. Take advantage of the benefits that come with infrastructure as code.

Implementing Flux for Scale with Soft Multi-tenancy

Weaveworks

Join Leo Murillo, Principal Solutions Architect at Weaveworks and Rama Ponnuswami, Sr. Container Specialist at AWS, as they walk through accelerating Multi-stage delivery on GitOps. If you already have EKS-A, you are ready to automate the release of multistage delivery. Thus, allowing you to deploy more often and reliably with less overhead. In this Webinar, we cover: - Best practices for CI/CD, GitOps and Application Pipeline Management. - Simple cluster management across Kubernetes hybrid infrastructure. - Multistage deployments using Weave GitOps for EKS and EKS-A using a single UI dashboard.

Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS

Weaveworks

The Story of Flux Reaching Graduation in the CNCF

Weaveworks

In this session, we’ve partnered with Upbound to showcase how to effectively manage application delivery while maintaining a high level of security using Weave GitOps and Upbound. Managing a stateful application deployment with a relational database, Weave GitOps can recognize if there is a policy violation and correct it before deploying the application. Join us as we demonstrate the scenarios where: All changes to application configuration are managed through Git workflows Upbound’s Universal Crossplane allows you to build, deploy, and manage your cloud platforms GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters Policy-as-Code guarantees security, resilience and coding standards compliance Watch the recording: xx

Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...

Weaveworks

In a joint webinar with Traefik Labs, we show how Traefik Hub, a SaaS-based cloud native networking platform, helps you publish your containers securely in seconds with tunnels, OIDC authentication and automated TLS certificate management. And, how you can combine that with Weave GitOps to achieve continuous application delivery using progressive delivery strategies for risk-free and reliable deployments. Security is key, so we showcase multi-tenancy for full RBAC across the different deployment stages, and trusted delivery best practices for continuous security and compliance baked in. Learn how: - To utilize canary deployments for reliable and risk-free application deployments. - GitOps lets you automate and secure the publishing of containers at the edge consistently. - Easy it is to deploy, update and manage your application workloads on Kubernetes. - To publish containers securely using tunnels, OIDC authentication and TLS certificate management.

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...

Weaveworks

Flux’s Security & Scalability with OCI & Helm Slides.pdf

Weaveworks

Deploying secure, cloud native stateful applications requires a high level of performance across hybrid and multi-cloud environments. Using the scalable, highly performant storage provided by Ondat in combination with Weave GitOps Trusted Delivery, you can shift left security and accelerate software development. Watch this on-demand webinar as we demonstrate how: - All changes to application configuration are managed through Git workflows GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters. - Policy-as-Code guarantees security, resilience and coding standards compliance. - To dynamically provision highly available persistent volumes by simply deploying Ondat anywhere with a simple operator profile. - All data services such as replication, compression and encryption, are optimized and accelerated to scale on any platform with Ondat’s low latency data plane.

Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps

Weaveworks

While GitOps is known as a paradigm for managing cloud native applications, not many know it fits within platform management as well. Automating the provisioning and management of Kubernetes clusters abstracts away the issue of inconsistency that you get with cluster sprawl, all while shortening provisioning time by consistent automation. But that’s not enough. A networking layer is a standard requirement when managing Kubernetes environments, yet traditional IT networking and security methods do not work. By default, Kubernetes environments allow any pod to connect to any other pod, creating security risks. Furthermore, legacy approaches to network security visibility do not allow for performance of threat detection, compliance monitoring, or incident investigations for Kubernetes workloads. Cilium is a zero-trust cloud-native networking layer providing the necessary security and observability of your Kubernetes environments. What if you were to add your network and security operations into your GitOps workflows? In our webinar with Isovalent, we walk through how to easily add Cilium as a robust Container Network Interface solution using GitOps, and explore some of the Observability and Security features it provides. You'll learn how: - GitOps helps you manage cloud native chaos - To save time creating secure, “user-ready” Kubernetes clusters - To apply Weave GitOps to Kubernetes platform management - To improve network security and network observability using Cilium

Robust Network Security and Observability with GitOps and Cilium

Weaveworks

Más de Weaveworks (20)

Weave AI Controllers (Weave GitOps Office Hours)

Flamingo: Expand ArgoCD with Flux (Office Hours)

Webinar: Capabilities, Confidence and Community – What Flux GA Means for You

Six Signs You Need Platform Engineering

SRE and GitOps for Building Robust Kubernetes Platforms.pdf

Webinar: End to End Security & Operations with Chainguard and Weave GitOps

Flux Beyond Git Harnessing the Power of OCI

Automated Provisioning, Management & Cost Control for Kubernetes Clusters

How to Avoid Kubernetes Multi-tenancy Catastrophes

Building internal developer platform with EKS and GitOps

GitOps Testing in Kubernetes with Flux and Testkube.pdf

Intro to GitOps with Weave GitOps, Flagger and Linkerd

Implementing Flux for Scale with Soft Multi-tenancy

Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS

The Story of Flux Reaching Graduation in the CNCF

Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...

Flux’s Security & Scalability with OCI & Helm Slides.pdf

Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps

Robust Network Security and Observability with GitOps and Cilium

Último

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

apidays

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

DBX First Quarter 2024 Investor Presentation

Dropbox

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Architecting Cloud Native Applications

WSO2

Security: The Value of SBOMs

1. 1 March 24, 2022 Security: The Value of SBOMs Dan Luhring, OSS Engineering Mgr, Anchore Brady Todhunter, Lead DevOps Eng, Anchore Priyanka “Pinky” Ravi, DX Engineer, Weaveworks Stacey Potter, Community Manager, Weaveworks

2. 2 Weaveworks is founded on open source ● Flux & Flagger (CNCF): GitOps and Progressive Delivery for k8s ● Cortex (CNCF): Distributed, Long-term-storage TSDB compatible with Prometheus ● Weave Ignite: VMs with container UX & built-in GitOps management ● EKSctl: Create an Amazon EKS cluster with one command ● (and many many more projects!) And now … Weave GitOps! weave.works

3. 3 Speakers Help/Support Dan Luhring OSS Engineering Mgr Anchore Brady Todhunter Lead DevOps Eng. Anchore Priyanka Ravi DX Engineer Weaveworks Stacey Potter Community Manager Weaveworks Browser Safari copy/paste shortcuts may not work Using Zoom Questions? • Use chat (button: top left corner of screen) • Escape to exit full screen • “To Everyone” or “To all panelists and attendees” Support: https://support.zoom.us/hc/ en-us/articles/206175806-T op-Questions Troubleshooting Use chat If the issue is not easily resolved, we ask that you follow along as we demo the sample app. Security: The Value of SBOMs Duration 30-60 Minutes

4. 4 ● GitOps is an app dev and operations methodology ● GitOps is a methodology, not a speciﬁc tool or technology. ● GitOps applies to everything and brings business value. What is GitOps?...and why do I want it?

5. 5 Source: opengitops.dev

6. 6 👋 Get Connected 💬 🤝 ● ⭐ Star us on GitHub ⭐ ● Check out the Flux docs at: fluxcd.io/docs/get-started/ ● GitHub Discussions Q&A: https://github.com/fluxcd/flux2/discussions/categories/q-a ● CNCF Slack #Flux channel (or get a slack invite)

7. 7 Mar 29: OpenSource101: WTF is GitOps & Why Should you Care? Mar 30: From Zero to GitOps Heroes! Mar 31: GitOps for Helm Users! May 16-20: Flux Booth at KubeCon! June 8-9: GitOps Days 2022! (gitopsdays.com) Upcoming Events

8. 8 Talk & Demo Time!

9. Dan Luhring Manager of Open Source Engineering, Anchore luhring danluhring dan.luhring@anchore.com

10. What’s an SBOM?

11. Software bill of materials (“SBOM”) ● A “list of ingredients” for a software artifact ● Exposes what software is made up of ● Several different uses… ■ Vulnerability scanning ■ Software transparency ■ Policy

12. What is Anchore, Syft, Grype?

13. Anchore Forging the Future of Software Security. Anchore is creating a more secure software supply chain for priceless peace of mind.

14. Anchore’s Open Source Tools Developer-friendly scanning tools for container image security

15. The story of SBOMs at Flux Cloud Native Computing Foundation (CNCF) The Cloud Native Computing Foundation (CNCF) is an open source software foundation that promotes the adoption of cloud-native computing. Maturity Levels: Sandbox ➡ Incubating ➡ Graduation CNCF projects have a maturity level of sandbox, incubating, or graduated, which corresponds to the Innovators, Early Adopters, and Early Majority tiers of the Crossing the Chasm diagram. The maturity level is a signal by CNCF as to what sorts of enterprises should be adopting different projects. July 2019: Flux joins CNCF as a Sandbox Project 🏜 ⌛ 🏝 July 2020: Flux was one of only two projects in the ‘adopt’ category of CNCF CD Tech Radar 📡 ⚙ 💻 March 2021: Flux goes from Sandbox to Incubation 🥚 ⏲ November 2021: Flux Security Audit concludes in preparation for Graduation application 📄 📝 March 2022: Flux applies for Graduation 🤞🤞 🎉 🎓 🎉 🎓 🎉 🎓 🤞🤞

16. Here’s how Flux did it! Initialize artifact .goreleaser.yml

17. Here’s how Flux did it! Install Syft

18. Here’s how Flux did it! Generate release artifacts Create release and SBOM

19. Syft, Grype, & Syft+Grype

20. Flux @ Anchore!

21. Flux at Anchore How we use Flux: ● We manage 2 clusters using Flux ● Environments are set up differently ● Image Automation What I love about Flux: ● Developer empowerment ● Flexibility in deployments ● Source of truth for deployments ● Uses native kubernetes mechanisms

Security: The Value of SBOMs

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Security: The Value of SBOMs

Similar a Security: The Value of SBOMs (20)

Más de Weaveworks

Más de Weaveworks (20)

Último

Último (20)

Security: The Value of SBOMs