Abstract image of a woman sitting on books and studying on a laptop

Shift Left - How to improve your security with checkov before it’s going to production

Download as PPTX, PDF
A
Anton Grübel

This document discusses shifting security left by using infrastructure as code (IaC) security tools like Checkov to find and prevent defects early. It lists several IaC security tools including Checkov, which supports over 1000 policies across multiple cloud platforms and languages. Checkov allows custom checks to be written in Python or YAML and integrates with GitHub Actions and pre-commit hooks to shift security testing left in the development process.

1 of 11
Download to read offline
Anton Grübel, AWS DevOps Engineer SHIFT LEFT How to improve your security with checkov before it’s going to production
Me, Myself & I ● AWS Enthusiast ● Python Fan ● Open Source Contributor ● Playstation Gamer ● GitHub: gruebel ● PSN: anton-mai
About us 2017 Founded 100% AWS-focussed 20 Talents 33 AWS Certifications 1 AWS Competency 1 APN Ambassador 1 AWS Community Builder
What is Shift Left? Shift Left is a practice intended to find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks to the left as early in the lifecycle as possible. Kirstie Magowan (bmc)
Shift Left model
Shift Left security
IaC security tools ● cfn-nag ● terrascan ● KICS ● tfsec ● terraform-compliance ● AWS CloudFormation Guard ● checkov
checkov features ● Over 1000 built-in policies ● Supports Terraform (+ plan), CFN, ARM, Docker, Kubernetes, Helm, SLS ● Supports AWS, GCP, Azure ● Custom checks written in Python or YAML ● GitHub Action available ● pre-commit hook available ● Output as CLI, JSON or JUnit XML
Further reading ● https://www.checkov.io/3.Custom%20Policies/Custom%20Policies%20Overvi ew.html ● https://aws.amazon.com/blogs/mt/introducing-aws-cloudformation-guard-2-0/ ● https://aws.amazon.com/blogs/infrastructure-and-automation/use-git-pre- commit-hooks-avoid-aws-cloudformation-errors/ ● https://github.com/antonbabenko/pre-commit-terraform
Keep shifting left! globaldatanet globaldatanet.com hello@globaldatanet.com

More Related Content

PDF
Introduction to CICD
Knoldus Inc.
 
PDF
안정적인 서비스 운영 2014.03
Changyol BAEK
 
PPTX
CI/CD Best Practices for Your DevOps Journey
DevOps.com
 
PDF
Introduction to DevSecOps
Setu Parimi
 
PDF
웹서버 부하테스트 실전 노하우
IMQA
 
PDF
DevOps Roadshow - continuous delivery and release management
Microsoft Developer Norway
 
PDF
Introduction to Vault
Knoldus Inc.
 
PDF
게임 서비스에 딱 맞는 AWS 신규 서비스들로 게임 아키텍처 개선하기 - 김병수 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
Amazon Web Services Korea
 
Introduction to CICD
Knoldus Inc.
 
안정적인 서비스 운영 2014.03
Changyol BAEK
 
CI/CD Best Practices for Your DevOps Journey
DevOps.com
 
Introduction to DevSecOps
Setu Parimi
 
웹서버 부하테스트 실전 노하우
IMQA
 
DevOps Roadshow - continuous delivery and release management
Microsoft Developer Norway
 
Introduction to Vault
Knoldus Inc.
 
게임 서비스에 딱 맞는 AWS 신규 서비스들로 게임 아키텍처 개선하기 - 김병수 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
Amazon Web Services Korea
 

What's hot(20)

PDF
[개인 프로젝트] 쿠버네티스를 이용한 개발환경 자동화 구축시스템 - 프로토타입
choi sungwook
 
PPTX
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
PDF
서비스 무중단 마이그레이션 : KT에서 Amazon으로
신우 방
 
PDF
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
PDF
Building Microservices with gRPC and NATS
Shiju Varghese
 
PDF
Cloud-Native Security
VMware Tanzu
 
PDF
Security Process in DevSecOps
Opsta
 
PPTX
NGINX Installation and Tuning
NGINX, Inc.
 
PPTX
Transforming Organizations with CI/CD
Cprime
 
PDF
AWS Black Belt Online Seminar 2017 AWS WAF
Amazon Web Services Japan
 
PPTX
DevOps at Tokopedia - DevOps Indonesia
Khairul Zebua
 
ODP
Phpconf 2013 - Agile Telephony Applications with PAMI and PAGI
Marcelo Gornstein
 
PPTX
McAfee SIEM solution
hashnees
 
PDF
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
PDF
Cncf checkov and bridgecrew
LibbySchulze
 
PDF
RxSwift to Combine
Bo-Young Park
 
PPTX
AppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure Success
Robert Grupe, CSSLP CISSP PE PMP
 
PPTX
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
Kelly Grizzle
 
PDF
AWS 클라우드 기반 확장성 높은 천만 사용자 웹 서비스 만들기 - 윤석찬
Amazon Web Services Korea
 
PPTX
SIEM Primer:
Anton Chuvakin
 
[개인 프로젝트] 쿠버네티스를 이용한 개발환경 자동화 구축시스템 - 프로토타입
choi sungwook
 
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
서비스 무중단 마이그레이션 : KT에서 Amazon으로
신우 방
 
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Building Microservices with gRPC and NATS
Shiju Varghese
 
Cloud-Native Security
VMware Tanzu
 
Security Process in DevSecOps
Opsta
 
NGINX Installation and Tuning
NGINX, Inc.
 
Transforming Organizations with CI/CD
Cprime
 
AWS Black Belt Online Seminar 2017 AWS WAF
Amazon Web Services Japan
 
DevOps at Tokopedia - DevOps Indonesia
Khairul Zebua
 
Phpconf 2013 - Agile Telephony Applications with PAMI and PAGI
Marcelo Gornstein
 
McAfee SIEM solution
hashnees
 
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
Cncf checkov and bridgecrew
LibbySchulze
 
RxSwift to Combine
Bo-Young Park
 
AppSec & DevSecOps Metrics: Key Performance Indicators (KPIs) to Measure Success
Robert Grupe, CSSLP CISSP PE PMP
 
SCIM: Why It’s More Important, and More Simple, Than You Think - CIS 2014
Kelly Grizzle
 
AWS 클라우드 기반 확장성 높은 천만 사용자 웹 서비스 만들기 - 윤석찬
Amazon Web Services Korea
 
SIEM Primer:
Anton Chuvakin
 

Similar to Shift Left - How to improve your security with checkov before it’s going to production(7)

PDF
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
 
DOCX
Shift Left Save Resources DevSecOps and the CICD Pipeline
CloudZenix LLC
 
PDF
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
 
PPTX
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
 
PDF
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
NathanDjami
 
PDF
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
 
PDF
AWS Infrastructure Pipeline with Terraform and Pre-commit Check
AWS User Group - Thailand
 
Shift Left. Wait, what? No, Shift Right!!!
Phillip Maddux
 
Shift Left Save Resources DevSecOps and the CICD Pipeline
CloudZenix LLC
 
The left is not wrong, just not right; It's time to shift right!
Phillip Maddux
 
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
NathanDjami
 
Ops Happen: Improve Security Without Getting in the Way
SeniorStoryteller
 
AWS Infrastructure Pipeline with Terraform and Pre-commit Check
AWS User Group - Thailand
 

Recently uploaded(20)

PPTX
CrowdChain - the future of Shark Tank India
contactnayannn
 
PPT
ch03 data adnd signals- data communications and networks ppt
imranfreetrials
 
PDF
Future-Ready Software Solutions for RPA in Telecom Industry
SynapseIndia
 
PPTX
Machine Learning App Development: Smarter Apps, Real Impact
SynapseIndia
 
PDF
Science is Not Enough SPLC2009 Richard P. Gabriel
Marek569301
 
PDF
Patient Engagement Services in Pennsylvania.pdf
Robert Mark
 
PPTX
FLIGHT WHITE LABEL | AIRLINE WHITE LABEL
philipnathen82
 
PPTX
blood bank managemesnt system.presentation
bhuvibhuvi3108
 
PPTX
unit one of operating system with diagrams.pptx
subitabhdey132
 
PPT
chapter 1 introduction to operating system.ppt
subitabhdey132
 
PPTX
HackYourBrain__UtrechtJUG__11092025.pptx
SimonedeGijt
 
PPT
chapter 15 of operaing system of lunix .pptx
subitabhdey132
 
DOCX
Mobile-First Intranet Design for the Hybrid Workforce
Sharepoint Designs
 
PDF
Faceless Social Review - Viral Ideas & Niche Mastery.pdf
THEMESMO
 
PDF
Introduction to Artificial Intelligence(vsuresh).pdf
jcikishorekumar
 
PPT
introduction of sql, sql commands(DD,DML,DCL))
Rukhmanisahu5
 
PPT
Networking Devices-networking devices -
GoldFuture
 
PPTX
TRAVEL SUPPLIER API INTEGRATION | XML BOOKING ENGINE
philipnathen82
 
PDF
Software Development Company - swapdigit | Best Mobile App Development In India
Digital India
 
PDF
The Gold Standard for AI-Powered Testing: Enterprise Requirements and Best Pr...
Shubham Joshi
 
CrowdChain - the future of Shark Tank India
contactnayannn
 
ch03 data adnd signals- data communications and networks ppt
imranfreetrials
 
Future-Ready Software Solutions for RPA in Telecom Industry
SynapseIndia
 
Machine Learning App Development: Smarter Apps, Real Impact
SynapseIndia
 
Science is Not Enough SPLC2009 Richard P. Gabriel
Marek569301
 
Patient Engagement Services in Pennsylvania.pdf
Robert Mark
 
FLIGHT WHITE LABEL | AIRLINE WHITE LABEL
philipnathen82
 
blood bank managemesnt system.presentation
bhuvibhuvi3108
 
unit one of operating system with diagrams.pptx
subitabhdey132
 
chapter 1 introduction to operating system.ppt
subitabhdey132
 
HackYourBrain__UtrechtJUG__11092025.pptx
SimonedeGijt
 
chapter 15 of operaing system of lunix .pptx
subitabhdey132
 
Mobile-First Intranet Design for the Hybrid Workforce
Sharepoint Designs
 
Faceless Social Review - Viral Ideas & Niche Mastery.pdf
THEMESMO
 
Introduction to Artificial Intelligence(vsuresh).pdf
jcikishorekumar
 
introduction of sql, sql commands(DD,DML,DCL))
Rukhmanisahu5
 
Networking Devices-networking devices -
GoldFuture
 
TRAVEL SUPPLIER API INTEGRATION | XML BOOKING ENGINE
philipnathen82
 
Software Development Company - swapdigit | Best Mobile App Development In India
Digital India
 
The Gold Standard for AI-Powered Testing: Enterprise Requirements and Best Pr...
Shubham Joshi
 

Shift Left - How to improve your security with checkov before it’s going to production

Editor's Notes

  • #4 Partnerships
  • #12 https://awesomeopensource.com/project/toniblyx/my-arsenal-of-aws-security-tools