.jpg){kind=icon}
The Pipeline: All Things CD & DevOps Podcast by The CD Foundation
The Pipeline: All Things CD & DevOps is created and hosted by the CD Foundation's Director of Ecosystem & Community Development - Jacqueline Salinas. This is a series of interviews with industry experts, leaders, and innovators. The Pipeline will cover a range of topics that are centered around CD & DevOps. The CDF’s goal is to educate, entertain, provide tips and insights to make the community better software engineers. The intent is to supply up-to-date industry news and innovations, as well as, expand your knowledge of the vast CD & DevOps ecosystem. This podcast is all about learning from your peers as well as the thought leaders in the CDF community who have been there and done that.
The Pipeline: All Things CD & DevOps Podcast by The CD Foundation
Securing Infrastructure-as-code in CI/CD Pipelines
•
Jacqueline Salinas, Director of Ecosystem & Community Development
•
Season 2
•
Episode 17
Guest Speaker: Yoni Leitersdorf
You want to catch security issues in your cloud infrastructure before deployment but you don’t have a lot of time to spend on it.
What is infrastructure as code (IaC) security? How do you inject IaC security into the CI/CD pipeline to catch security risks before deployment? How do you do that without impacting the pipeline and frustrating developers?
You will also learn how we catch common security issues in CI such as:
- Privilege escalation in AWS due to overly permissive IAM permissions
- Drift issue caused by someone changing a security group leading to exposures
- Sharing IAM roles for resources in public and private subnets may not be a good idea
Yoni has successfully implemented IaC security in their CI/CD pipeline at Indeni. He will share best practices and tips to get IaC security implemented quickly.