
stackconf online 2021 | Continuous Security – Integrating Security into your Pipelines

by Andrew Constant | Sep 21, 2021 | stackconf

This entry is part 3 of 27 in the series stackconf online 2021

stackconf online 2021 is over and was a full success. It was all about open source infrastructure solutions across continuous integration, container, hybrid and cloud technologies. We're still excited about all of our expert sessions and the large number of participants who joined us from all over the world. Below you get an insight into one of our talks.

At stackconf online 2021 Matt Jarvis gave a talk about continuous security within pipelines. This is a great topic: security is not only extremely important, but more and more people are realising its importance.

Matt started off with an overview of how DevOps has progressed. In the pre-cloud era the developer wrote the application and then IT operations took over deployment and the security side of things. Nowadays developers write the code, test it, deploy it and manage almost everything, which can be a lot! The line has become blurred and the responsibility for security no longer has a clear owner, which is where Snyk comes in.

Security is usually treated as an external practice, and because it carries a higher responsibility it needs to be made easier for developers to apply. As we all know, security is hard to retrofit once something is deployed, and a secure system helps win over the trust of your customers. The problem only grows: each year more and more code is written, which of course means a higher probability of errors and vulnerabilities.

Dependencies and Vulnerabilities

The problem with these vulnerabilities often isn't in the dependencies you declare yourself, but in their dependencies. According to Matt, up to 70% of vulnerabilities are found in these indirect (transitive) dependencies, and they can also be used to hide malicious code.

In the example Matt showed, the malicious code was hidden in a sub-dependency of a package with over 440,000 downloads per month! If people only check the top layer, there is a whole lot they are missing. For container images, sometimes all it takes is a rebuild on a newer base image: up to 44% of Docker image vulnerabilities can be resolved with a newer base image.
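To make the point about indirect dependencies concrete, here is an added example (not from the talk, and not Snyk's code) that walks a constructed, npm lockfileVersion 1 style package-lock.json starting from the dependencies declared in a constructed package.json, and reports every path to a vulnerable version. Every package name and advisory ID below is made up; a real scanner resolves against a real advisory database and also handles nested lockfile entries, which this flat walk does not.

```python
"""Transitive dependency audit over a constructed lockfile.

Added example, not part of the talk or of Snyk. All package names,
versions and advisory IDs are invented for illustration.
"""
import json

# Constructed package.json: the only dependencies the developer declared.
PACKAGE_JSON = json.dumps({
    "name": "web-app",
    "dependencies": {"http-client": "^2.1.0", "template-engine": "^1.4.0"},
})

# Constructed package-lock.json, lockfileVersion 1 style, fully hoisted (flat):
# every package appears once at top level with its resolved version and its
# own "requires". Nested "dependencies" blocks are not modelled here.
PACKAGE_LOCK = json.dumps({
    "name": "web-app",
    "lockfileVersion": 1,
    "dependencies": {
        "http-client":     {"version": "2.1.0", "requires": {"url-parse": "^0.9.0", "retry": "^3.0.0"}},
        "template-engine": {"version": "1.4.2", "requires": {"deep-merge": "^1.0.0"}},
        "deep-merge":      {"version": "1.0.0", "requires": {"flat-map": "~0.1.0"}},
        "flat-map":        {"version": "0.1.0"},
        "url-parse":       {"version": "0.9.3"},
        "retry":           {"version": "3.0.1"},
    },
})

# Constructed advisory database keyed by (package, exact version). IDs are hypothetical.
ADVISORIES = {
    ("url-parse", "0.9.3"): "ADV-0001 (hypothetical): hostname validation bypass",
    ("flat-map", "0.1.0"):  "ADV-0002 (hypothetical): package shipped injected malicious code",
}


def load_graph(package_json, package_lock):
    """Return (declared dependency names, {name: (resolved version, [required names])})."""
    direct = list(json.loads(package_json).get("dependencies", {}))
    graph = {}
    for name, entry in json.loads(package_lock)["dependencies"].items():
        graph[name] = (entry["version"], list(entry.get("requires", {})))
    return direct, graph


def scan_direct(direct, graph, advisories):
    """What a scanner that only looks at the top layer would report."""
    findings = []
    for name in direct:
        version = graph[name][0]
        if (name, version) in advisories:
            findings.append({"path": [name], "version": version,
                             "advisory": advisories[(name, version)]})
    return findings


def scan_transitive(direct, graph, advisories):
    """Depth-first walk from each declared dependency. Each finding carries the
    full chain from the declared dependency down to the vulnerable package,
    which is what you need to know which direct dependency to upgrade or pin."""
    findings = []

    def walk(name, path):
        entry = graph.get(name)
        if entry is None:          # lockfile and package.json out of sync: skip
            return
        version, requires = entry
        path = path + [name]
        if (name, version) in advisories:
            findings.append({"path": path, "version": version,
                             "advisory": advisories[(name, version)]})
        for dep in requires:
            if dep not in path:    # cycle guard for circular dependencies
                walk(dep, path)

    for name in direct:
        walk(name, [])
    return findings


if __name__ == "__main__":
    direct, graph = load_graph(PACKAGE_JSON, PACKAGE_LOCK)
    print("direct only:", scan_direct(direct, graph, ADVISORIES))
    for f in scan_transitive(direct, graph, ADVISORIES):
        print(" -> ".join(f["path"]), f["version"], f["advisory"])
```

The direct-only scan comes back clean while the transitive walk finds both problems, and the path it returns tells you which declared dependency has to be upgraded or pinned to get rid of the bad version.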

Another problem lies in configuration: misconfiguration is one of the most commonly seen issues. It is usually unintentional, but what some developers don't realise is that not all applications need root. By default containers run as root; if that is changed before deployment, it restricts what a would-be attacker can do inside the container. Something else to consider is writable filesystems mounted into a container: an attacker who compromises the container then has write access to the mounted volume. If your containers are stateless and need no writable mounts, the attacker will have a harder time doing damage.
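As an added example (not part of the talk and not one of Snyk's checks), the following Python lints a constructed weak Dockerfile and a hardened one for the two misconfigurations just described, and does the same for a constructed Kubernetes pod spec. Image names, user names and mount paths are made up.

```python
"""Static checks for running as root and for writable filesystems.

Added example, not Snyk's own checks. The Dockerfiles and pod specs below
are constructed for illustration.
"""
import re

WEAK_DOCKERFILE = """\
FROM node:16-alpine
WORKDIR /app
COPY . .
RUN npm ci --production
CMD ["node", "server.js"]
"""  # no USER at all: the image inherits root from the base image

HARDENED_DOCKERFILE = """\
FROM node:16-alpine AS build
WORKDIR /app
COPY . .
RUN npm ci --production

FROM node:16-alpine
WORKDIR /app
COPY --from=build /app /app
RUN addgroup -S app && adduser -S -G app app
USER app
CMD ["node", "server.js"]
"""


def final_stage(dockerfile):
    """Split a Dockerfile into stages at each FROM; only the last stage is shipped."""
    stages, current = [], []
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.upper().startswith("FROM "):
            if current:
                stages.append(current)
            current = []
        current.append(line)
    if current:
        stages.append(current)
    return stages[-1] if stages else []


def lint_dockerfile(dockerfile):
    """Return a list of problems; an empty list means the final stage drops root."""
    user = None
    for line in final_stage(dockerfile):
        m = re.match(r"USER\s+(\S+)", line, re.IGNORECASE)
        if m:
            user = m.group(1)  # the last USER in the stage wins
    if user is None:
        # Caveat: a static check cannot see the base image's config. Most official
        # images default to root, so "no USER" is treated as running as root.
        return ["no USER in final stage: runs as the base image's user (usually root)"]
    if user.split(":")[0] in ("root", "0"):
        return [f"final stage runs as root (USER {user})"]
    return []


# Constructed Kubernetes pod specs (the `spec:` part of a Pod, as a dict).
WEAK_POD = {"containers": [{"name": "web", "image": "web-app:1.0",
                            "volumeMounts": [{"name": "data", "mountPath": "/data"}]}]}

HARDENED_POD = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "web", "image": "web-app:1.0",
                    "securityContext": {"readOnlyRootFilesystem": True,
                                        "allowPrivilegeEscalation": False},
                    "volumeMounts": [{"name": "data", "mountPath": "/data", "readOnly": True}]}],
}


def lint_pod_spec(spec):
    """Flag containers that may run as root or have a writable filesystem or mount."""
    problems = []
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        # runAsNonRoot can be set at pod or container level; the container level wins.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            problems.append(f"{c['name']}: runAsNonRoot not set")
        # readOnlyRootFilesystem exists only at container level.
        if not sc.get("readOnlyRootFilesystem", False):
            problems.append(f"{c['name']}: root filesystem is writable")
        for vm in c.get("volumeMounts", []):
            if not vm.get("readOnly", False):
                problems.append(f"{c['name']}: writable mount at {vm['mountPath']}")
    return problems


if __name__ == "__main__":
    print(lint_dockerfile(WEAK_DOCKERFILE), lint_dockerfile(HARDENED_DOCKERFILE))
    print(lint_pod_spec(WEAK_POD), lint_pod_spec(HARDENED_POD))
```

A stateless service that genuinely needs scratch space can keep readOnlyRootFilesystem and mount an emptyDir for /tmp; the point of the check is that every writable location is a deliberate decision rather than the default.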

Integrate in a Developers Workflow

Matt went on to talk about how finding these security flaws can be shifted to the developer level. Security needs to be integrated into a developer's workflow to eliminate these problems at the source. Source repositories also need to be considered: two-factor authentication, strong key management practices and a strong review process are a great way to reduce the chance of weaknesses being exploited.

With the help of Snyk a developer is able to identify a lot of these flaws with monitoring, scans and checks. These scans and checks can be automated in pipelines and relieve a lot of the responsibility. Matt showed this in his demo: the checks found the vulnerabilities and the Snyk wizard was able to fix them, amazing! This means that errors are found and corrected before they are even deployed, which is what was meant by moving the responsibility back and fixing the problem at the source. With Snyk integrated into the IDE, issues are flagged and fixed as the code is written rather than in containers that are already deployed. Snyk can even check packages and repos before they are pulled.

This is exactly the right approach to the problem, and by making the whole process easier there really is no reason not to start using Snyk in your setups. Matt has identified the problem and shifted the responsibility to the developer, but at the same time made it easy to implement. These tools give developers the help they need to secure their containers at the source, rather than causing future problems that could have been solved with a few checks and corrections. Snyk helps developers at every step of the way and takes care of the security aspect, allowing them to release code faster and more securely.

Full talk and more from and about stackconf

Watch the whole talk by Matt Jarvis:



stackconf 2022 will take place in Berlin. The final date will be announced soon. If you want to learn more about infrastructure solutions in advance, you can take a look at our archive, where you can find all slides and videos from this year's stackconf.

Stay tuned!

Andrew Constant
Systems Engineer

Andrew joined the NETWAYS family in 2020 and successfully completed his training as an IT specialist for system integration (Fachinformatiker für Systemintegration) in the NETWAYS Web Services area. The former foreign-language correspondent, an Englishman from Northamptonshire, stands out for his humour and complements the team very well. He loves diving into different areas and learning new things along the way. One of his favourite pastimes is cooking, because it lets him be creative and experiment with different flavours and ingredients. He also enjoys travelling and is working on becoming fluent in Spanish. Andrew sees himself as a lifelong learner.

