Improve Security With Automated Image Scanning Through CI/CD

Episode 293 · May 24th, 2018 · 24 mins 59 secs

About this Episode

When it comes to securing an application deployed on Kubernetes, automation through a CI/CD pipeline is key. Using cloud-native security tools that hook right into Jenkins or your favorite CI/CD tool, enterprise security teams can set policies for developers who are building container images. The pipeline enforces those policies through automated vulnerability scanning of each image during the build process. Developers deploy only images that the security team is confident in, because each one has been scanned.

“CI/CD automation is key because of the scale,” said Liz Rice, technology evangelist at Aqua Security, in this podcast with The New Stack. “You couldn't possibly manually check all these different images when you're shipping potentially hundreds or thousands of deploys in a day.”

