With unrelenting attacks from malicious hackers on business-critical software and infrastructure, the "shift-left" approach to security testing has gained substantial momentum in enterprises. The recommended approach for an improved security posture is to test early and test often.
Trivy is an open-source vulnerability scanning tool, a CLI utility that integrates easily into the development inner loop and the continuous integration (CI) pipeline. It looks for known vulnerabilities in the target's operating-system packages and third-party application dependencies and displays the results by category.
In this meetup, Faheem, Principal DevOps Architect @ Amobee Inc, will review and demonstrate how Trivy works from the CLI and a Jenkins Pipeline.
Freewheel / Comcast
Principal Engineer
Faheem is a mission-oriented technology leader focused on building reliable, scalable, and secure engineering platforms that increase organizational output. He believes “you build it, you run it” is an effective DevOps model that helps achieve greater efficiency. In addition, he enjoys building and leading highly skilled teams that deliver high-quality solutions for the organization and it…
Buoyant
Technical Evangelist
Kublr
CTO