AWS Modernization Workshop: DevSecOps with Atlassian & Snyk
Join Snyk and Atlassian for this hands-on virtual workshop where we will guide you on implementing security best-practices early on in your workflow to build an automated and secure Continuous Integration (CI) & Continuous Delivery (CD) pipeline.
Welcome!
You will begin this workshop as the newest member of a Mythical 500 company: Mythical Mysfits. It’s your first day in the office and your predecessor(s) hastily (i.e. manually) deployed an “enterprise-ready” piece of software for group collaboration: goof. According to your colleagues, goof became wildly popular as “The BESTest todo app evar”. You, however, are skeptical. Fortunately, your company also recently purchased Snyk and Atlassian Bitbucket Cloud!
In this workshop, you will learn patterns for shift-left security leveraging Atlassian Bitbucket, Bitbucket Pipelines, and Snyk. These techniques will enable you to implement scanning of your container-based workloads running on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Registry (ECR) and how to use these patterns to release features and functionality at a faster pace that includes security at each step.
Learning Objectives
- Understand Software Composition Analysis (SCA) and its importance in your developer workflows.
- Discover vulnerabilities in your application open source dependencies.
- Implement Snyk’s container image scanning in your Continuous integration and Continuous delivery (CI/CD) pipeline.
- Fix insecure Kubernetes configuration at the source.
- Leverage the Snyk Pipe for Bitbucket Pipelines to secure your application.
Intended Audience
- Developers
- Security/Application Teams
- DevOps/DevSecOps Engineers
- Cloud/Solutions Architects
Content Structure
We have structured the various subjects covered in this workshop into specific modules. Each module will provide context on the theory behind the techniques presented as well as hands-on examples.
Module 1 - Scanning & monitoring application source code
Enable the Snyk Open Source integration to Bitbucket and import your SCM project. Understand transitive dependencies and how Snyk can generate automatic pull requests to streamline your process.
Module 2 - Scanning & monitoring container images
Enable Snyk Container integration to Amazon Elastic Container Registry (ECR) and import your container images. Learn how Snyk provides base image ugprade recommendations.
Module 3 - Scanning & monitoring for insecure Kubernetes configurations
Install the Snyk controller on Amazon Elastic Kubernetes Service (Amazon EKS) and add workloads for scanning. Understand test results, how to interpret Snyk’s Priority Score, and how to fix configuration issues.
Module 4 - Fixing known issues & monitoring
In this module, you will go through guided exercises that demonstrate how to fix for vulnerabilities and insecure configurations. You will apply what you learned in the previous modules and apply fixes to your application, container image, and Kubernetes configuration to secure your application.
To make the most effective use of this content, you should be able to run basic Unix commands. You should also possess familiarity with AWS services, basic cloud concepts and general understanding of software development methodologies.