Application delivery pipelines share many traits with any assembly line.
Open source libraries, runtimes, databases, and base images are raw materials to be inspected to ensure they meet quality and security standards. Modern applications combine these raw materials with custom code to create dynamic and complex environments, opening up an extremely effective attack vector.
While not new, software supply chain attacks are on the rise with changes in how applications are built. With open source components making up more than 80% of modern codebases, having a reliable “source of truth” for the security, compliance, and provenance of software and its dependencies is critical.
In this webinar, Snyk, CircleCI and Cloudsmith will share practices and tools that are helping developers create applications with integrity, quality, and security.
You’ll see how to:
- Find and fix known vulnerabilities in app dependencies and container images
- Build a source of truth for open source packages to avoid malicious packages
- Combine continuous packaging and security into a CircleCI delivery pipeline
- Create provenance and security quality gates as part of deployment workflows
Join Ryan Pedersen (CircleCI), Tom Gibson (Cloudsmith), and Tomas Gonzalez (Snyk) to learn how to manage and mitigate this new risk profile and create a more holistic application security approach.