In this blog post you’ll learn how to set up image vulnerability scanning for AWS CodePipeline and AWS CodeBuild using Sysdig Secure DevOps Platform. AWS provides several tools for DevOps teams: CodeCommit for version control, CodeBuild for building and testing code, and CodeDeploy for automatic code deployment. The block on top of all these tools is CodePipeline that allows them to visualize and automate these different stages.
As container adoption in AWS takes off, ECR scanning is the first step towards delivering continuous security and compliance. You need to ensure you are scanning your images pulled from AWS ECR for both vulnerabilities and misconfigurations so that you don’t push applications running on AWS that are exploitable.
Cloud teams are increasingly adopting AWS container services to deliver applications faster at scale. Along with the roll out of cloud native architectures with containers and orchestration, what’s needed to stay on top of the security, performance and health of applications and infrastructure has shifted. At Sysdig, we’ve worked with Amazon to provide tools and integrations that help secure your Cloud Native workloads deployed across all AWS container services.
We recently launched Elastic Security, combining the threat hunting and analytics tools from Elastic SIEM with the prevention and response features of Elastic Endpoint Security. This combined solution focuses on detecting and flexibly responding to security threats, with machine learning providing core capabilities for real-time protections, detections, and interactive hunting. But why are machine learning tools so important in information security? How is machine learning being applied?
Back on September 4th, we filed a lawsuit against floragunn GmbH, the makers of Search Guard, a security plugin for Elasticsearch and Kibana, for a multi-year pattern of copying our proprietary code. After filing the claim, we have continued to investigate floragunn’s actions. Today, we have updated our lawsuit in two important ways. First, we have identified additional copying by floragunn with respect to the separate, proprietary code base for our Kibana product.
With the growing complexity and velocity of security threats in dynamic, cloud-native environments, it’s more important than ever for security teams to have the same visibility into their infrastructure, network, and applications that developers and operations do. Conversely, as developers and operations become responsible for securing their services, they need their monitoring platform to help surface possible threats.
In a world where companies’ security teams are notoriously—and rightly—paranoid, we’re pleased to announce that Sentry has recently received its SOC 2 Type I compliance certification. Having met this important industry standard on the effectiveness of a company’s internal controls around information security, our existing and future customers can be confident about their data security and integrity with Sentry.
One of the main benefits to standardized infrastructure is the ability to share application resources across entities. We are taking advantage of this with the Cloud Native Security Hub as we start to explore how to standardize cloud native security.
We are excited to announce the general availability of Calico Enterprise 2.6 (formerly known as Tigera Secure). With this release, it is now possible to fully-automate Security-Policy-as-Code within a CI-CD pipeline, including the ability to implement security as a Canary rollout, which is the most critical requirement to automating network security.
