Integrating Security Assessments Into DevOps Cycle


Learning Objectives:
- Get an overview on Amazon Inspector
- Learn how Amazon Inspector is used in the DevOps lifecycle
- Learn how to automate security findings into your process - from finding, to ticketing, to remediation

The flexibility and scale of the AWS Cloud have combined to allow developers to build and deploy applications faster than ever before. In order to maintain a high level of agility, ensuring security has become the responsibility for every team involved in the DevOps lifecycle. Amazon Inspector, an automated AWS security assessment service, has been designed to provide on-demand vulnerability evaluations for the operating systems and applications running on Amazon Elastic Compute Cloud (Amazon EC2) environments. In this Tech Talk, we will review Amazon Inspector, and explore methods and use cases for running assessments at various stages of your deployment pipeline and application lifecycle. Beyond just running assessments, we will run through demos on how to make your assessment findings actionable by injecting them into your operations pipeline through automatic submissions into ticketing and change management systems or directly executing remediation activities.