[ale] Containers... use?

Solomon Peachy pizza at shaftnet.org
Mon Sep 18 09:34:37 EDT 2017


On Mon, Sep 18, 2017 at 09:18:46AM -0400, Jerald Sheets wrote:
> All containers should be curated by Systems.  The Developers should 
> submit them for security scanning, or you should employ a DevSecOps 
> model for deployment.  i.e., federate security scanning by providing 
> OS, App, transport, penetration, and network security testing as APIs 
> that devs can leverage instead of leaving them to security.  Left to 
> their own devices, unreasonable deploy timelines set for them, and 
> golf-playing pointy-hairs with unreasonable ship date requirements, 
> it’ll never happen.

> This should all be automated and part of a security CI/CD pipeline 
> without which a “pass” from the security field cannot ever be 
> deployed into production.  This is how we do it.

The unspoken assumption here is that your needs are sufficient to make 
this (completely necessary!) administrative overhead worthwhile.  

Unfortunately, much like VMs before, most shops just "download an image" 
from the likes of DockerHub and then deploy it, with no real thought
towards ongoing maintenance or security concerns.  Because those cost
time/effort -- and therefore money.

 - Solomon </grumble>
-- 
Solomon Peachy			       pizza at shaftnet dot org
Coconut Creek, FL                          ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.