As our team gets ready for DevOps World | Jenkins World 2018, we wanted to take some time to recap trends we are seeing for organizations using Docker, Kubernetes, and other common tools that are part of the ever-growing cloud native stack.
According to The 2018 DZone Guide to Containers, 63 percent of organizations are using or evaluating the use of containers at their organizations. Additionally, 77 percent of respondents said that “faster development” was the primary concern in adopting containers at their organization.
At DevOps World | Jenkins World 2018, we expect many attendees and presentations to center on DevOps best practices. At the same time, we hope organizations are looking to integrate security into DevOps and achieve a true DevSecOps mindset. This blog serves as some of the resources we’ve shared over the last year that can help you integrate security into the CI process and deploy higher quality code.
Infographic: 7 Tips for Operationalizing DevSecOps
Modern enterprises are implementing both the tools and the cultural changes required to embrace a DevSecOps mindset and approach. Often this means leveraging a container security platform because this allows for them to draw from the experience, knowledge, and resources of the platform/service, while still freeing up engineering staff to accomplish the company’s core mission. This list of tips has been aggregated from discussions with a large group of developers, devops practitioners, and security teams.
Blog: How Jenkins, Docker & Twistlock Delivers on the Promise of Continuous Delivery
Organizations have embraced the notion of continuous delivery using Docker and Jenkins. Docker allows development teams to code, build, and test images rapidly, while Jenkins offers vital build and delivery features for devops teams. A step further, Twistlock integrates during the build process to not only scan container images for vulnerabilities and compliance issues, but also block builds from progressing based on granular policy controls. In this blog post, learn more about the Twistlock Jenkins plugin and how you can integrate security into the build.
Blog: Twistlock Jenkins Plugin and Time-Based Vulnerability Blocking
Twistlock has provided the ability to seamlessly integrate security into your devops pipeline with the Twistlock Jenkins plugin. The plugin allows customers to define thresholds for compliance and vulnerabilities, and fail a build based on, for example, a high level vulnerability. With the advent of our latest release, the Twistlock Jenkins plugin provides even more flexibility with time-based vulnerability blocking. This capability allows users to add a grace period for failing a build based on the day that an update that fixes that vulnerability.
Blog: Jenkins Pipeline on Kubernetes – Building Containers and Integrating Security
Today’s devops teams have a lot of choices when it comes to CI/CD tools and how they want to configure their environments to take advantage of containers and cloud native technologies. We see a lot of customers using various configurations of Jenkins to build their container images, while using the Twistlock Jenkins plugin to scan the images for vulnerability and compliance issues and enforce policy thresholds before images can be pushed to the team’s registries. Recently, we’ve seen customers using Jenkins pipelines within their Kubernetes environments. As I was constructing key steps and researching tutorials from around the web, I thought it would be a good idea share what I learned so you can integrate the Twistlock scanner into a pipeline build running in a Kubernetes cluster.
If you’re interested in learning more about our CI/CD articles on the Twistlock Blog, check out our official CI/CD category: https://www.twistlock.com/category/ci-cd/.
The Twistlock team will be at DevOps World | Jenkins World! Save 20% on your registration to using code JWTWILOCCUST, and use the general attendee option.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
Taming the Complexity Monster in a Cloud-Native WorldRead the Blog
How My Company (Teckro) Uses ContainersRead the Blog
Mitigating CVE-2019-5736 Impacting RunC and DockerRead the Blog
From Agile to DevSecOps and DevOps SecurityRead the Blog
What’s Next for Cloud-Native Infrastructure Technology?Read the Blog