Containerized AppSec from Code to Production w/ Snyk, Sysdig and AWS

Modern applications and DevOps technology, particularly container and serverless workloads, have blurred the boundaries between code and applications in a running environment.

Code now defines containers, services and infrastructure provisioning. An effective security strategy requires a DevSecOps solution that can bridge the gap between security practitioners’ context in runtime, and an engineering team’s code in development, all without affecting developer performance and speed-to-market.

As a result, Snyk and Sysdig have partnered to help developers and security teams easily find and fix open source and container vulnerabilities in development, then analyze running workloads in production to identify vulnerable packages executed at runtime. This secures apps as they’re built and protects workloads in runtime.

In this session, experts from Snyk, Sysdig and AWS will demonstrate how to:

• Detect and fix vulnerable open source dependencies during coding
• Eliminate vulnerabilities by upgrading to recommended, secure base images
• Automate threat detection and alerting across containers and Kubernetes
• Identify and prioritize vulnerabilities in container packages used at runtime to eliminate noise
• Automate quick fixes throughout the application development lifecycle

Speakers:  

• Clinton Herget, Principal Solutions Specialist, Containers & IaC – Snyk
• Shashiraj Jeripotula, Senior Partner Solutions Architect – AWS
• Eric Carter, Director of Product Marketing – Sysdig