Slide 1

Automate Security on OpenShift with Trusted Application Pipeline
Kevin Dubois, Senior Principal Developer Advocate, Red Hat

Slide 2

Kevin Dubois (@kevindubois)
★ Sr. Principal Developer Advocate at Red Hat
★ Based in Belgium
★ Speaks English, Dutch, French, Italian
★ Open Source Contributor (Quarkus, Camel, Knative, ..)
★ Java Champion
youtube.com/@thekevindubois | linkedin.com/in/kevindubois | github.com/kdubois | @kevindubois.com | @[email protected]

Slide 3

The application (architecture diagram)
Push to give energy to the windmill:
1. Sends the click to a Kafka topic
2. Sends the interaction
3. Updates the UI
Dashboard labels: Green Energy, Nickname, Team, "Push to generate energy", "Cars that need energy", "Two teams competing (top 5 players)", "First wins"

Slide 4

V1: Scan to play!

Slide 5


Slide 6

Increased regulations, frameworks, directives
Government cybersecurity regulations:
- SEC Cybersecurity Rule [1] requires more governance and management regarding material cybersecurity risks and incidents.
- White House Cyber Executive Order 14028
- European Union Cyber Resilience Act
Cybersecurity agency frameworks and directives:
- NSA Cybersecurity Collaboration Center (CCC)
- National Institute of Standards and Technology (NIST)
- Cybersecurity and Infrastructure Security Agency (CISA)
- European Union Agency for Cybersecurity (ENISA)
[1] SEC Final Rule - Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Slide 7

Software supply chain security considerations for the software development lifecycle
- Safeguard build systems early
- Secure the use of source code and transitive dependencies
- Prevent and identify malicious code
- Continuously monitor security at runtime

Slide 8

A generic development process (diagram: Code -> Build -> Deploy -> Monitor)
- Code: dependencies (base images, pom.xml, requirements.txt, go.mod); git commit to the code repo
- Build (pipeline): git pull; package (maven); container build; push to the container registry
- Deploy (pipeline): K8s deployment definition(s) in the gitops repo; deploy
- Monitor

Slide 9

A security-augmented development process (diagram: the same Code -> Build -> Deploy -> Monitor flow with security controls added at each stage)
- Code: dependencies (base images, pom.xml, requirements.txt, go.mod) checked with Red Hat Dependency Analytics and Red Hat Trusted Content; git commit signed with gitsign
- Build (pipeline): verify the gitsign commit signature; git pull; package (maven); container build; cosign sign image; generate SBOM (Red Hat Trusted Profile Analyzer); push to registry; generate and sign build pipeline provenance and attestation; verify SLSA compliance
- Deploy: K8s deployment definition(s) in the gitops repo, deployed with Red Hat OpenShift GitOps (with gitsign) to Red Hat OpenShift
- Monitor: continuous security scans of stored images with Red Hat Advanced Cluster Security

Slide 10

Slide 10 text

DEMO

Slide 11

The application, revisited (architecture diagram)
Push to give energy to the windmill; Kafka topic; 2. Sends the interaction
Dashboard labels: Green Energy, Nickname, Team, "SHAKE! to generate energy", "Cars that need energy", "Two teams competing (top 5 players)", "First team wins"
@kevindubois @alexsotob

Slide 12

Stack: Quarkus, Apache Kafka, Infinispan, OpenShift GitOps

Slide 13

Shaking time :)

Slide 14

V2: Scan the QR code with your phone to play

Slide 15

Shift security left in the software supply chain
- Protect the components, processes and practices early in your software factory
- Trust and transparency in code management with integrated templates and guardrails for security-focused pipelines
- RHDH + RHTAS + RHTPA = Red Hat Trusted Application Pipeline (NEW!)
*Note: Red Hat Trusted Application Pipeline is a single product SKU that includes RHDH, RHTAS, RHTPA.
developers.redhat.com/products/trusted-software-supply-chain/overview

Slide 16

Get started
Sign up at developers.redhat.com
Find out more about Red Hat's projects and products, and what they offer developers

Slide 17

Thank you!
@[email protected] | youtube.com/@thekevindubois | linkedin.com/in/kevindubois | github.com/kdubois
slides

Slide 18

linkedin.com/company/red-hat | youtube.com/user/RedHatVideos | facebook.com/redhatinc | twitter.com/RedHat
Red Hat is the world's leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500.
Thank you