Скачать или смотреть Continuous Security Testing with OWASP secureCodeBox in Kubernetes - Jannik Hollenbach

This talk provides an introduction to OWASP secureCodeBox, an open-source Kubernetes operator to schedule and orchestrate the execution of popular open-source security scanning tools such as ZAP, Nuclei, Trivy, Nmap, and more.

secureCodeBox unifies the execution of scans using a Scan custom resource in Kubernetes. Scan results can easily be integrated with finding management systems like OWASP DefectDojo to track findings over time, deduplicate and analyze them.

Additionally, secureCodeBox comes equipped with an optional "AutoDiscovery" component to automatically detect applications in Kubernetes clusters and then automatically create scans for them. For example, to automatically schedule Trivy scans to detect unsafe dependencies of each container image running in your cluster. Or to execute dynamic scans like ZAP or Nuclei against every HTTP service in the cluster.

About the speaker:
Jannik Hollenbach is a Software Security Engineer at iteratec GmbH, working on and with open source security testing tools to continuously detect security vulnerabilities in the companies software and systems. He is also a member of the OWASP secureCodeBox & OWASp Juice Shop project team.