Proposed by: Sonali Srivastava
Know Your Hard: Automate image security scan with Kyverno & Trivy
Security is now a day 0 concern for the development lifecycle. Addressing security at a much later stage is not only harder but also more expensive. Developers can end up accumulating vulnerabilities that are very difficult to identify and eliminate.
Policy engines and security scanners can together help identify and eliminate vulnerabilities. Potential security threats within your applications, images, or containerized environments can be mitigated from the beginning in a Kubernetes cluster. In this talk, we will understand the significance of implementing security checks from day 0, make use of an open source security scanner like Trivy to scan Docker images, and automate the scanning process using the open source policy engine, Kyverno.
Key takeaways from this talk:
- Why is security enforcement important from day 0 of development?
- What are the open source tools available that help us identify and eliminate vulnerabilities?
- How to perform a security scan on a simple “Hello World” application’s container image using Trivy?
- How to automate the scanning of container images using Kyverno Policies? [ A mention of the January Meetup to understand Kyverno, and how important attending meetups is as we talk about open source tools and technologies that help lay the foundation. ]
- What are the benefits of security scanning in a Kubernetes cluster?
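The policy below is an added example of the automation this talk describes; it is not code from the talk or from the linked Nirmata post. It assumes the scan is produced with `trivy image --format cosign-vuln` and attached to the image with `cosign attest --type vuln`, so that Kyverno can verify the attestation at admission time. The public key is a placeholder, the 168h freshness window and the "no CRITICAL findings" rule are example thresholds, and the severity check assumes Trivy's cosign-vuln predicate layout (the full Trivy report under `scanner.result`).

```yaml
# Assumed workflow that produces the attestation this policy checks (example, not the talk's own steps):
#   trivy image --format cosign-vuln --output vuln.json <IMAGE>
#   cosign attest --key cosign.key --type vuln --predicate vuln.json <IMAGE>
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-fresh-trivy-scan
spec:
  validationFailureAction: Enforce   # block the Pod instead of only auditing it
  background: false                  # verifyImages rules run at admission, not in background scans
  webhookTimeoutSeconds: 30
  failurePolicy: Fail                # if the webhook cannot answer, deny rather than let the Pod through
  rules:
    - name: trivy-attestation-fresh-and-clean
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            - "*"                    # every image in the Pod; narrow this to your registry in practice
          attestations:
            - type: https://cosign.sigstore.dev/attestation/vuln/v1   # predicate type used by Trivy's cosign-vuln output
              attestors:
                - count: 1
                  entries:
                    - keys:
                        publicKeys: |-
                          -----BEGIN PUBLIC KEY-----
                          PLACEHOLDER_COSIGN_PUBLIC_KEY
                          -----END PUBLIC KEY-----
              conditions:
                - all:
                    # Scan must be recent: reject attestations whose scan finished more than 7 days ago
                    - key: "{{ time_since('', '{{ metadata.scanFinishedOn }}', '') }}"
                      operator: LessThanOrEquals
                      value: "168h"
                    # No CRITICAL vulnerabilities in the embedded Trivy report (assumes cosign-vuln predicate layout)
                    - key: "{{ scanner.result.Results[].Vulnerabilities[][?Severity=='CRITICAL'] | length(@) }}"
                      operator: Equals
                      value: 0
```

With this policy in place, a Pod whose image carries no Trivy attestation, an attestation signed by a different key, a stale scan, or a scan containing CRITICAL findings is rejected at admission, so the scan is enforced on every deployment rather than left to developers to run by hand.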
Source code/Reference: https://nirmata.com/2022/11/29/kubernetes-policies-should-be-a-day-0-concern/
Talk duration: