Container scanning (lesson 38 of 53)

What is container analysis in applications?

Container analysis has become an essential practice before putting applications into production. This process seeks to identify vulnerabilities in the code, libraries, dependencies and operating system features within the containers. This ensures that the application is secure against possible attacks or unwanted intrusions.

How does 'Clair' help in the analysis of containers?

Clair is an open-source project that acts as a database dedicated to storing and classifying security vulnerabilities. Each vulnerability is identified and evaluated by security experts, which gives you essential information about its status and severity. To use it, you simply add the Container Scan command to your Git project in Platzi, which automates the scanning of containers for security issues.

What types of vulnerabilities can be found?

In the context of container scanning, we can discover several kinds of vulnerabilities:

  • Security issues in libraries and dependencies: common in modern applications, which rely on many external packages that may carry undiscovered security flaws.
  • Vulnerabilities at the operating system level: some container images carry weaknesses that come from the operating system version they are built on. For example, an Ubuntu 16.04-based image could have dozens of security issues.
  • Exposure of secrets or credentials in the code: passwords or access keys should never be stored inside the project code, because they create entry points for possible attacks.

How can we mitigate vulnerabilities?

Mitigating vulnerabilities in containers is an ongoing process that requires:

  1. Constant monitoring: Using tools such as Clair to stay aware of new vulnerabilities that may arise in the application's components.
  2. Upgrading containers: If a critical issue is identified, consider using a lighter-weight image, such as those based on 'Alpine', which have a smaller attack surface.
  3. Review of best practices: Make sure not to include secrets within the code and use secure management strategies for sensitive aspects of the application.
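An added example (not the course's or GitLab's code) of the severity gate and allowlist the lesson describes: it assumes constructed scanner findings and an allowlist shaped like clair-scanner's clair-whitelist.yml, and fails the build on any unlisted finding at or above a chosen severity.

```python
# Added example, not the course's or GitLab's code: gate a container build on
# scanner findings while honouring an allowlist. FINDINGS is constructed sample
# data shaped like a scanner's vulnerability entries; WHITELIST mirrors the two
# sections of a clair-scanner clair-whitelist.yml (general and per-image), as a
# dict instead of YAML so the script runs offline.

# Severity scale as used by Clair-style scanners, lowest to highest.
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2,
                 "Medium": 3, "High": 4, "Critical": 5}

# Constructed findings; the CVE ids are placeholders, not real advisories.
FINDINGS = [
    {"cve": "CVE-0000-0001", "severity": "Critical", "package": "openssl", "image": "app:ubuntu16"},
    {"cve": "CVE-0000-0002", "severity": "High", "package": "libxml2", "image": "app:ubuntu16"},
    {"cve": "CVE-0000-0003", "severity": "Low", "package": "bash", "image": "app:ubuntu16"},
    {"cve": "CVE-0000-0004", "severity": "Medium", "package": "musl", "image": "app:alpine"},
]

# Every accepted id carries a written justification, as the whitelist file should.
WHITELIST = {
    "generalwhitelist": {"CVE-0000-0002": "vulnerable XML parser path is never called"},
    "images": {"app:alpine": {"CVE-0000-0004": "fixed in next base-image bump (ticket PLACEHOLDER)"}},
}

def is_whitelisted(finding, whitelist):
    """True if the CVE is accepted globally or for this specific image."""
    if finding["cve"] in whitelist.get("generalwhitelist", {}):
        return True
    return finding["cve"] in whitelist.get("images", {}).get(finding["image"], {})

def gate(findings, whitelist, threshold="High"):
    """Split findings into (blocking, accepted): blocking = unlisted and >= threshold."""
    min_rank = SEVERITY_RANK[threshold]
    blocking, accepted = [], []
    for f in findings:
        if is_whitelisted(f, whitelist):
            accepted.append(f)
        elif SEVERITY_RANK.get(f["severity"], 0) >= min_rank:
            blocking.append(f)
    return blocking, accepted

def exit_code(findings, whitelist, threshold="High"):
    """1 if the CI job should fail, else 0; prints what blocks the build."""
    blocking, _ = gate(findings, whitelist, threshold)
    for f in blocking:
        print(f"BLOCK {f['severity']:<8} {f['cve']} {f['package']} in {f['image']}")
    return 1 if blocking else 0

if __name__ == "__main__":
    raise SystemExit(exit_code(FINDINGS, WHITELIST))
```

Run as a CI step, a non-zero exit stops the pipeline; lowering the threshold to "Low" with an empty allowlist blocks on every finding, which shows why accepted ids need a justification rather than a blanket skip.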

Building security into the software development cycle lets you not only identify bugs before they become major problems, but also ensure that the delivery of the application to production is fully shielded against malicious use. Adding these practices to your workflow improves not only security but also user confidence in the final product.

I encourage you to explore this topic further and share your experiences or vulnerability stories in the comment system! Continuing to learn and share with the community is an integral part of our professional growth.


A very common case is when developers don't keep up to date and keep using the same dependencies out of tradition for years. This creates vulnerabilities that were fixed long ago but, not having been patched, still happen.

Where I live this has been seen a lot on government websites.

Containers with databases using the default user: there is a postgres exploit that gives you root access (inside the container), and in the case of mongo they can dump your whole database, delete it and demand a ransom (it has happened to me).

Container Scanning

  • Use Clair and clair-scanner to check the containers.
  • If you want to skip vulnerabilities, you can include them in the clair-whitelist.yml file.
  • Check that the packages installed at the container level have no security vulnerabilities.

GitLab Container Scanning uses the **clair** and **clair-scanner** projects, which let you query vulnerabilities against a database that defines the status, id and classification that security experts have assigned to each vulnerability. It also checks that the packages installed at the container level have no security vulnerabilities. To skip vulnerabilities, they must be included in the clair-whitelist.yml file.

2024.03.14: GitLab recommends integrating **trivy** <https://github.com/aquasecurity/trivy> as the container scanner <https://docs.gitlab.com/ee/user/application_security/container_scanning/>


Good class.

When using Docker images, for example https://hub.docker.com/_/drupal/, can these errors occur?

If they do occur, how fast is the update response for them?

Thank you very much.

The video isn't playing; this error message appears:
The media playback was aborted due to a corruption problem or because the media used features your browser did not support.