ZeroNorth VP of Engineering Andrei Bezdedeanu and Director of Engineering Sergey Bobrov discuss “Securing a DevOps OpenShift Pipeline” at Red Hat OpenShift Commons.
Abstract:
The ZeroNorth™ platform integrates into the DevOps process and enables continuous scanning at every stage. As code is written and committed to repositories, and as build processes complete, ZeroNorth can submit the code or build artifacts for scanning by a variety of open source and commercial SAST and SCA tools. The platform provides a single integration point for all of these products, which lowers the barrier to adoption and the cost of switching between tools. Similarly, container images can be scanned as soon as they are built or pushed to registries such as Docker Hub, Artifactory or Nexus.
Within an OpenShift environment, ZeroNorth discovers and automatically scans all deployed applications, as well as their published external routes, with a range of open source and commercial DAST products. As new applications are deployed or new routes are created, ZeroNorth detects them, creates new scan targets and scans them immediately for vulnerabilities and misconfigurations.
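The route-discovery step described above can be illustrated with the OpenShift Route API itself. The following is an added example, not ZeroNorth's code: it takes the JSON that `oc get routes --all-namespaces -o json` returns (the sample document embedded below is constructed for this example) and derives a deduplicated list of DAST target URLs, keeping track of which namespace/route owns each URL so findings can later be attributed to an application. Routes that the router has not admitted are skipped because they have no reachable endpoint, TLS-terminated routes become `https` targets, and a route whose `insecureEdgeTerminationPolicy` is `Allow` yields an additional plain `http` target since the router serves it on both.

```python
"""Derive DAST targets from OpenShift Route objects (added example, not ZeroNorth code)."""
import json
from urllib.parse import urlunsplit

# Constructed sample in the shape `oc get routes --all-namespaces -o json` returns.
def _route(ns, name, host, path=None, tls=None, admitted=True):
    spec = {"host": host, "to": {"kind": "Service", "name": name}}
    if path is not None:
        spec["path"] = path
    if tls is not None:
        spec["tls"] = tls
    return {
        "metadata": {"name": name, "namespace": ns},
        "spec": spec,
        "status": {"ingress": [{"host": host, "conditions": [
            {"type": "Admitted", "status": "True" if admitted else "False"}]}]},
    }

SAMPLE_ROUTES_JSON = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    _route("store", "shop", "shop.apps.example.com", "/api",
           {"termination": "edge", "insecureEdgeTerminationPolicy": "Redirect"}),
    # Same host and (modulo trailing slash) same path: must collapse to one target.
    _route("store", "shop-alt", "shop.apps.example.com", "/api/",
           {"termination": "edge", "insecureEdgeTerminationPolicy": "Redirect"}),
    _route("store", "legacy", "legacy.apps.example.com"),          # no TLS -> http only
    _route("store", "docs", "docs.apps.example.com", None,
           {"termination": "edge", "insecureEdgeTerminationPolicy": "Allow"}),  # both schemes
    _route("dev", "broken", "broken.apps.example.com", admitted=False),  # router rejected it
]})


def is_admitted(route):
    """True if the router reports an Admitted=True condition for any ingress point."""
    for ingress in route.get("status", {}).get("ingress", []):
        for cond in ingress.get("conditions", []):
            if cond.get("type") == "Admitted" and cond.get("status") == "True":
                return True
    return False


def route_to_urls(route):
    """Return the externally reachable URLs for one Route, or [] if it is not scannable."""
    spec = route.get("spec", {})
    host = spec.get("host")
    if not host or not is_admitted(route):
        return []
    # Normalise the path so "/api" and "/api/" map to the same target.
    path = "/" + (spec.get("path") or "/").strip("/")
    tls = spec.get("tls")
    if tls is None:
        schemes = ["http"]
    else:
        schemes = ["https"]
        if tls.get("insecureEdgeTerminationPolicy") == "Allow":
            schemes.append("http")  # router also serves the insecure port
    return [urlunsplit((s, host.lower(), path, "", "")) for s in schemes]


def discover_targets(route_list_json):
    """Map each unique target URL to the sorted list of 'namespace/route' that expose it."""
    doc = json.loads(route_list_json)
    targets = {}
    for route in doc.get("items", []):
        owner = f"{route['metadata']['namespace']}/{route['metadata']['name']}"
        for url in route_to_urls(route):
            targets.setdefault(url, []).append(owner)
    return {url: sorted(owners) for url, owners in targets.items()}


if __name__ == "__main__":
    for url, owners in sorted(discover_targets(SAMPLE_ROUTES_JSON).items()):
        print(f"{url:45s} <- {', '.join(owners)}")
```

In a live pipeline the JSON would come from the OpenShift API (or an informer watching Route objects) rather than an embedded string, and the resulting map is what a DAST scheduler would diff against its existing targets to decide what to scan next.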
Scan results from the entire security toolchain are collected, normalized and deduplicated to provide a concise and accurate view of the customer's security posture at the application level. Static and dynamic scan results are correlated to highlight the most critical vulnerabilities and to point to the root causes of issues observed against the running applications.
ZeroNorth dashboards present data relevant to executives as well as to application stakeholders and individual contributors. Ultimately, the platform provides a clear view of application and enterprise risk and helps users answer key business questions about the security and quality of the applications within the enterprise.