Presentation Material
AI Generated Summary (may contain errors)
Here is a summarized version of the content:
The speaker presents a comprehensive implementation of code security, covering stages from threat modeling through to cloud security posture management (CSPM). The process starts with threat modeling, that is, identifying potential threats and risks in the code. Next, in the iteration stage, the developer fixes issues so that the pipeline succeeds. Dynamic assessment is then performed, and any issues it finds are reported.
Containerization involves packaging the application in a container and scanning the container image with the Trivy open-source scanner. If high-severity issues are detected, the pipeline fails and the developer needs to fix them.
Infrastructure scanning is done on the Terraform scripts, again using the Trivy scanner. Critical-severity issues, such as exposing ports to the internet, are identified and must be fixed.
All results are uploaded to DefectDojo dashboard, providing visibility into risk assessment, total findings, active findings, mitigated findings, and more. Individual results can be accessed, and issues can be assigned to developers for fixing.
The speaker also demonstrates how to get a list of open-source dependencies used in the code, which can be exported to Excel or CSV format.
Finally, CSPM is implemented using Scout Suite open-source tool, which scans AWS infrastructure and provides an HTML and JSON report. The JSON report is uploaded to DefectDojo dashboard for centralized tracking and assignment to Cloud administrators for fixing.
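As an added example (not code from the presentation), the severity gates described for the container image and Terraform stages, applied to constructed samples in the shape of Trivy's JSON output, together with a helper that assembles the fields DefectDojo's /api/v2/import-scan/ endpoint takes for the Trivy and Scout Suite uploads. The report contents, the engagement id and the API key placeholder are assumptions; the request is built but not sent.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output (not a real scan).
IMAGE_REPORT = json.loads("""{"Results": [{"Target": "app:1.0 (debian 12)",
  "Vulnerabilities": [
    {"VulnerabilityID": "CVE-EXAMPLE-1", "PkgName": "libexample", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-EXAMPLE-2", "PkgName": "libother", "Severity": "LOW"}]}]}""")

# Constructed sample in the shape of `trivy config --format json` on a Terraform directory.
TF_REPORT = json.loads("""{"Results": [{"Target": "main.tf",
  "Misconfigurations": [
    {"ID": "EXAMPLE-SG-1", "Title": "Security group allows ingress from 0.0.0.0/0", "Severity": "CRITICAL"},
    {"ID": "EXAMPLE-S3-1", "Title": "Bucket has no access logging", "Severity": "MEDIUM"}]}]}""")

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def findings_at_or_above(report: dict, threshold: str) -> list:
    """Return 'target: id (severity)' strings for every vulnerability or
    misconfiguration whose severity is at or above the threshold.
    Trivy omits or nulls the lists when a target has nothing to report."""
    floor = SEVERITY_RANK[threshold.upper()]
    hits = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            if SEVERITY_RANK.get(v["Severity"].upper(), 0) >= floor:
                hits.append(f'{result["Target"]}: {v["VulnerabilityID"]} ({v["Severity"]})')
        for m in result.get("Misconfigurations") or []:
            if SEVERITY_RANK.get(m["Severity"].upper(), 0) >= floor:
                hits.append(f'{result["Target"]}: {m["ID"]} ({m["Severity"]})')
    return hits

def pipeline_should_fail(report: dict, threshold: str) -> bool:
    """The gate from the talk: fail the stage when any finding meets the threshold
    (HIGH for the image scan, CRITICAL for the Terraform scan)."""
    return bool(findings_at_or_above(report, threshold))

def defectdojo_import_request(base_url: str, scan_type: str, engagement_id: int, report_path: str) -> dict:
    """Assemble the multipart POST that DefectDojo's import-scan endpoint expects.
    scan_type is the DefectDojo parser name, e.g. "Trivy Scan" or "Scout Suite Scan"."""
    return {
        "url": f"{base_url.rstrip('/')}/api/v2/import-scan/",
        "headers": {"Authorization": "Token <DEFECTDOJO_API_KEY>"},  # placeholder, supply from CI secrets
        "fields": {"scan_type": scan_type, "engagement": str(engagement_id),
                   "minimum_severity": "Info", "active": "true", "verified": "false"},
        "files": {"file": report_path},
    }
```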
The speaker concludes by thanking the audience and seeking feedback and improvements.