Trusting Your Ingredients at Docker Meetup Atlanta

At the Twistlock Cloud-Native Security Day, a co-located event at KubeCon 2019, I got to talk about what cheesecake and building apps have in common. As a developer you’re responsible for the security of your app. Security in this case should be seen in the broadest sense of the word, ranging from licenses to software packages. A chef creating cheesecake has similar challenges. The ingredients of a cheesecake are similar to the software packages a developer uses. The preparation is similar to the DevOps pipeline, and recipe is similar to the licenses for developers. Messing up any of those means you have a messy kitchen, or a data breach! In this talk we’ll look at: Why do we care about licenses? How does Sec get into the early stages of DevSecOps? What can chefs and devs learn from each other?

Developers love Docker containers for managing software, but apps also need data and configuration. Those live on Docker volumes, and the question becomes: how do you reuse them?

There are many challenges facing software development specifically when building and deploying new microservices as we try to do every day. Using Cloud-Native technologies we can navigate some of those risks, but not all of our development practices, especially security and compliance, have kept up with the speed in which the rest of our tech stack has evolved. In this presentation I cover how JFrog Xray helps you safely deploy your artifacts to production with full confidence.