YoVDO

Unpacking Open Source Security in Public Repositories and Registries

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Container Security Courses Cybersecurity Courses DevSecOps Courses Risk Analysis Courses Vulnerability Scanning Courses Cloud-Native Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security landscape of open source projects and public registries in this 34-minute conference talk by Ben Hirschberg from ARMO. Dive into groundbreaking research that scans popular open source projects like Grafana, Prometheus, Lens, Helm, and ArgoCD, as well as public registries such as DockerHub, Quay, GCR, and ECR. Discover how these widely-used resources measure up against common compliance frameworks including CIS, MITRE ATT&CKĀ®, NIST, and NSA-CISA. Gain insights into prevalent misconfigurations, the impact of well-known CVEs (exemplified through Log4J), and critical red flags to watch out for when utilizing public resources. Conclude with a comprehensive risk analysis and scoring of these resources, highlighting key security concerns and providing best practices to safeguard your systems and operations in the ever-evolving container ecosystem.

Syllabus

Unpacking Open Source Security in Public Repos & Registries - Ben Hirschberg, ARMO


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Maintaining Deployment Security in Microsoft Azure
Pluralsight
Microsoft Azure Security Engineer: Configure Advanced Security for Compute
Pluralsight
Microsoft Azure Security Technologies (AZ-500) Cert Prep: 2 Implement Platform Protection
LinkedIn Learning
Securing Containers and Kubernetes Ecosystem
LinkedIn Learning
Performing DevSecOps Automated Security Testing
Pluralsight