Securing Infrastructure Code for Build and Deployment Environments


Breakout session at Cybersecurity: Strategic research and industry impact, 2nd edition, Mechelen, Belgium

DevOps has transformed software development and deployment by promoting seamless collaboration between teams to boost speed, reliability, and innovation. Infrastructure as Code (IaC), managing computing infrastructure through executable source code, plays a central role, ensuring predictability, efficiency, and reliability. For instance, Ansible serves as a versatile IaC tool, simplifying configuration management and automation, while Docker packages apps and their dependencies into isolated containers for consistent execution, and Helm streamlines Kubernetes app management. In this session, we explore IaC security challenges, including Ansible vulnerability detection techniques, Docker container package monitoring, and insights from Helm chart security analysis. Learn how to address security challenges in these popular IaC tools.