YoVDO

Unpacking Open Source Security in Public Repositories and Registries

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Container Security Courses Cybersecurity Courses DevSecOps Courses Risk Analysis Courses Vulnerability Scanning Courses Cloud-Native Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security landscape of open source projects and public registries in this 34-minute conference talk by Ben Hirschberg from ARMO. Dive into groundbreaking research that scans popular open source projects like Grafana, Prometheus, Lens, Helm, and ArgoCD, as well as public registries such as DockerHub, Quay, GCR, and ECR. Discover how these widely-used resources measure up against common compliance frameworks including CIS, MITRE ATT&CKĀ®, NIST, and NSA-CISA. Gain insights into prevalent misconfigurations, the impact of well-known CVEs (exemplified through Log4J), and critical red flags to watch out for when utilizing public resources. Conclude with a comprehensive risk analysis and scoring of these resources, highlighting key security concerns and providing best practices to safeguard your systems and operations in the ever-evolving container ecosystem.

Syllabus

Unpacking Open Source Security in Public Repos & Registries - Ben Hirschberg, ARMO


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Building on Microsoft Sentinel Platform
Microsoft via YouTube
Securing Applications and Infrastructure on Kubernetes with Sysdig
Mirantis via YouTube
Container Escape in 2021
Hack In The Box Security Conference via YouTube
Running at Light Speed - Cloud Native Security Patterns
LASCON via YouTube
Controlled Mayhem With Cloud Native Security Pipelines
OWASP Foundation via YouTube