Red Hat OpenShift Commons Briefing: Securing OpenShift DevOps Pipelines with CYBRIC
In this video, CYBRIC VP of Engineering Andrei Bezdedeanu and Director of Engineering Sergey Bobrov explain and demo how the CYBRIC platform is used to secure an OpenShift DevOps pipeline.
Abstract: The CYBRIC platform integrates seamlessly into the DevOps process and enables continuous scanning capabilities at every stage. As code gets written and committed to code repositories, as build processes complete, CYBRIC can submit the code or build artifacts to scanning by a variety of open source and commercial SAST and SCA tools. The platform provides a unified integration to all products, which lowers the barriers for adoption and potential switching costs. Similarly, container images can be scanned as soon as they are built or posted to repositories such a Docker Hub, Artifactory or Nexus.
Within an OpenShift environment CYBRIC discovers and automatically scans all applications deployed, as well as the published external routes, with a range of DAST open source or commercial products. As new applications get deployed or new routes created, CYBRIC can detect them, automatically create new targets and scan them immediately for any vulnerabilities or misconfigurations.