At the Twistlock Cloud-Native Security Day, a co-located event at KubeCon 2019, I got to talk about what cheesecake and building apps have in common. As a developer you’re responsible for the security of your app. Security in this case should be seen in the broadest sense of the word, ranging from licenses to software packages. A chef creating cheesecake has similar challenges. The ingredients of a cheesecake are similar to the software packages a developer uses. The preparation is similar to the DevOps pipeline, and recipe is similar to the licenses for developers. Messing up any of those means you have a messy kitchen, or a data breach! In this talk we’ll look at:
- Why do we care about licenses?
- How does Sec get into the early stages of DevSecOps?
- What can chefs and devs learn from each other?
Today, Kubernetes is the defacto standard if you want to run container workloads in a production environment. As we set out to build our next generation of products, and run them smoothly in the cloud, we needed to move to Kubernetes too! In the process of building tools like KubeXray and GoCenter we learned a whole bunch. At the Amsterdam Kubernetes/Cloud-Native Meetup I presented a talk in which we walked through our lessons learned and how we’re running it at scale.
As a developer advocate, I’m in the amazing position to talk to lots and lots of developers. Throughout those conversations I hear a lot of the same concerns popping up. Two of those being, “where did I deploy that microservice?” 😩 and “what is the API definition of that microservice again?“😟