- CheckMates
- :
- Products
- :
- Developers
- :
- DevSecOps
- :
- Shiftleft CICD Integration
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Shiftleft CICD Integration
In this post, we are going to show how to integrate Shiflett into a modern CI/CD orchestrator like Gitlab. We will take the perspective of an application developer that integrates Shiftleft blades into the CI/CD pipeline and how leverages Shiftleft information to start solving vulnerabilities detected in the code, container image that the pipeline build as well as an infrastructure project that uses Terraform.
The following is a short description of Shiftleft modules also known as blades:
- code-scan: Using as input a directory that contains a Git repository, Shiftleft will scan it for vulnerabilities, weak coding practices, sensitive content, and malicious files among other categories
- image-scan: Using as input a container image, compressed into a file, this blade will apply all the capabilities already provided by code-scan and will add on top of that the scanning of OS-level packages included in the container image.
- iac-assessment: In combination with CloudGuard, Infrastructure as code assessment allows users to apply policies to their Terraform projects. The mechanism to define those rules is by making use of CloudGuard Governance Specification Language (GSL). A high-level, human-friendly language.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can shiftleft be used for on premise security or just cloud? We are using Kubernetes & podman on premise.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes if you're running a locally hosted solution like Gitlab or Jenkins it can work there too - you just need to authenticate it against your CloudGuard solution.