Using Static Analysis to Catch Configuration Vulnerabilities

Explore the critical role of static analysis in identifying and preventing configuration vulnerabilities in containerized environments and Infrastructure as Code (IaC) setups. Learn how misconfigurations can lead to security risks such as exposed secrets, data leaks, unauthorized access, and DDoS attacks. Discover the importance of shifting left in the software development lifecycle to catch vulnerabilities early. Examine common pitfalls in Dockerfile configurations that can introduce security vulnerabilities and poor practices. Gain insights into Static Analysis and Software Composition Analysis techniques for securing code and dependencies. Follow a practical demonstration on setting up Static Analysis in your IDE to scan Dockerfiles, receive suggested fixes, and implement gating mechanisms to block critical issues. Presented by Borja Burgos, Director of Product Management at DataDog, this 38-minute conference talk from DockerCon 2023 equips developers and DevOps professionals with essential knowledge to enhance the security of their containerized applications and infrastructure.

Using Static Analysis to Catch Configuration Vulnerabilities (DockerCon 2023)