Developers want speed. Customers want features. Security teams want time.
This presentation will discuss how Continuous Security can be moulded into the CI/CD pipeline. I'll outline how machine images and EC2 instances in our AWS environment are automatically tested by vulnerability assessment tools packaged in Docker containers. This assures a reasonably secure posture before features hit production and automates the ongoing process of penetration testing thereafter.
In addition to containers, our security automation toolchain comprises an open-sourced framework as well as a smidgeon of Python running in AWS Lambda.