Injecting Security and Compliance Into Your CI/CD pipeline with Vault and GCP

Automate compliance and security scans along with secrets management into your development and delivery workflow.

When our partner’s come together…. we can tackle the most difficult challenges. What is your container security plan? IGNW is here to help!

Speakers:

  • Ryan Hall - Sr. Solutions Engineer, HashiCorp

  • Keshi Tan - Strategic Cloud Engineer, Google Cloud

In security circles, you'll often hear talk of "shift-left" mindsets. More security responsibility and mitigation is moving into the hands of developers and architects (system design). To support that shift, tools are beginning to catch up with new security paradigms and allow teams to implement security as code and secure development / delivery lifecycles.

In this presentation at the Google Cloud digital conference, Senior HashiCorp Solutions Engineer Ryan Hall will walk through a demo of several tools and services that teams can use to secure their CI/CD pipeline and build automated security compliance into their coding and container deployment workflows.

This talk will cover:

  • How container security is different

  • What container security often looks like

  • How container security should look

  • Solutions:

    • HashiCorp Vault

    • Container registry vulnerability scanning

    • Binary authorization by Google Cloud

  • Q&A