As DevOps teams continue to ‘shift security left’ and build container security into the pipeline, integrated toolchains for managing security risk early in the software development lifecycle (SDLC) are becoming critical. The Sonatype Nexus Lifecycle integration with NeuVector enables developers and DevOps teams to manage software vulnerabilities throughout the entire SDLC and even into the production environment. The security risks …
Kubernetes Admission Control is a Critical Link in a Container CI/CD Pipeline An important security enforcement point to build into the container CI/CD pipeline is to prevent unauthorized or vulnerable images from being deployed into production Kubernetes clusters. While basic Kubernetes admission control provides some capabilities, preventing vulnerable images from being deployed requires extensions to the built-in Kubernetes admission control …