Code from a developer travels different routes before it is branded production ready, and developers have several options for where they source or develop that code. The same holds true for container images, which makes picking the right one a difficult choice. Once images are imported into the lower environments, it becomes imperative to scan them for vulnerabilities before inducting them into the production infrastructure. Each route challenges security teams with different requirements and approaches. This session addresses the steps the security team should take to keep the supply chain secure.
The objective is to create a reference architecture that describes a secure supply chain composed of a reliable code repository, continuous "secure" integration, and automated scanning of images.
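The promotion gate implied by the abstract (scan in a lower environment, then decide whether an image may enter production) can be expressed as a small policy check. The example below is added here and is not code from the session or any particular scanner; the report layout, the policy fields, the `evaluate` function and the `registry.example.internal` name are all assumptions, and the sample report is constructed. It enforces three things a practitioner usually wants before promotion: the image is referenced by digest rather than a mutable tag, it comes from an approved registry, and no finding exceeds the severity the policy allows (with a separate, stricter threshold for findings that have no fix yet).

```python
import re
from dataclasses import dataclass, field

# Constructed sample scan report (not the output format of any real scanner).
SAMPLE_REPORT = {
    "image": "registry.example.internal/app/api@sha256:" + "a" * 64,
    "findings": [
        {"id": "VULN-0001", "severity": "HIGH", "package": "libssl", "fixed_version": "3.0.9"},
        {"id": "VULN-0002", "severity": "MEDIUM", "package": "zlib", "fixed_version": None},
        {"id": "VULN-0003", "severity": "LOW", "package": "bash", "fixed_version": "5.2"},
    ],
}

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Only accept immutable references: <registry>/<repo>@sha256:<64 hex>.
DIGEST_RE = re.compile(r"^(?P<registry>[^/]+)/(?P<repo>[^@:]+)@sha256:[0-9a-f]{64}$")


@dataclass
class Policy:
    allowed_registries: set
    block_at: str = "HIGH"              # fixable findings at/above this severity block promotion
    block_unfixed_at: str = "CRITICAL"  # unfixed findings at/above this severity also block


@dataclass
class Decision:
    promote: bool
    reasons: list = field(default_factory=list)


def evaluate(report, policy):
    """Return a Decision for one scan report under the given policy (hypothetical API)."""
    reasons = []

    # 1. Provenance: digest-pinned reference from an approved registry.
    m = DIGEST_RE.match(report["image"])
    if not m:
        reasons.append("image reference must be digest-pinned (name@sha256:...)")
    elif m.group("registry") not in policy.allowed_registries:
        reasons.append(f"registry {m.group('registry')} is not an approved source")

    # 2. Vulnerability findings: fixable ones are held to the normal threshold,
    #    unfixed ones to the stricter threshold so the pipeline is not blocked forever.
    for f in report["findings"]:
        rank = SEVERITY_RANK.get(f["severity"].upper(), 0)
        if f["fixed_version"] is not None and rank >= SEVERITY_RANK[policy.block_at]:
            reasons.append(f"{f['id']} ({f['severity']}) in {f['package']} has a fix: {f['fixed_version']}")
        elif f["fixed_version"] is None and rank >= SEVERITY_RANK[policy.block_unfixed_at]:
            reasons.append(f"{f['id']} ({f['severity']}) in {f['package']} has no fix yet")

    return Decision(promote=not reasons, reasons=reasons)


if __name__ == "__main__":
    d = evaluate(SAMPLE_REPORT, Policy(allowed_registries={"registry.example.internal"}))
    print("PROMOTE" if d.promote else "BLOCK")
    for r in d.reasons:
        print(" -", r)
```

With the default policy the sample image is blocked because of the fixable HIGH finding; relaxing `block_at` to `CRITICAL` lets it through while the unfixed MEDIUM finding is still recorded. The digest check matters independently of the scan: a tag can be re-pointed after the scan ran, so the gate would otherwise approve one image and production could pull another.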