Thursday, August 19, 2021

OPEN TALK: Let’s Play Tag: DevSecOps Edition! Automated IaC Resource Tagging Strategy for Security Policy Enrichment
Steve Giguere
Bridgecrew, Developer Advocate

Through GitOps practices, automated security checks, and automated strategic tagging of Infrastructure as Code (IaC), we can begin to build pre-flight and runtime policy-as-code to ensure that misconfigured and insecure resource definitions are caught prior to deployment. When resource misconfiguration or drift is discovered at runtime, a consistent tagging strategy allows resources to be traced back to the appropriate commit. This reveals the best fix location and the author, vastly reducing MTTR. To show how this all works, we'll use a combination of open source solutions: Checkov (IaC Policy and Scanning) + Yor (IaC Tag and Trace).
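The trace-back step described above, as an added example that is not from the talk or from either project: it takes runtime findings that carry resource tags, maps each to the repository, file, commit and author that defined the resource, and groups them by fix location. It assumes the git tag keys Yor writes (`git_org`, `git_repo`, `git_file`, `git_commit`, `git_last_modified_by`, `yor_trace`); the function names, finding format and sample values are hypothetical and constructed.

```python
# Added example: tag keys as written by Yor; findings below are constructed samples.
TRACE_TAGS = ("git_org", "git_repo", "git_file", "git_commit",
              "git_last_modified_by", "yor_trace")

def missing_trace_tags(tags):
    """Pre-flight style check: trace tags that are absent or blank."""
    return [k for k in TRACE_TAGS if not str(tags.get(k) or "").strip()]

def trace_finding(finding):
    """Map one runtime finding to the commit and file that defined the resource."""
    tags = finding.get("tags") or {}
    missing = missing_trace_tags(tags)
    if missing:
        # Untagged (for example, manually created) resources cannot be traced.
        return {"resource": finding["resource_id"], "traceable": False,
                "missing_tags": missing}
    return {"resource": finding["resource_id"], "traceable": True,
            "issue": finding["issue"],
            "repo": f'{tags["git_org"]}/{tags["git_repo"]}',
            "file": tags["git_file"], "commit": tags["git_commit"],
            "author": tags["git_last_modified_by"],
            "trace_id": tags["yor_trace"]}

def triage(findings):
    """Group traceable findings by fix location; list the rest separately."""
    by_location, untraceable = {}, []
    for finding in findings:
        result = trace_finding(finding)
        if result["traceable"]:
            key = (result["repo"], result["file"])
            by_location.setdefault(key, []).append(result)
        else:
            untraceable.append(result)
    return by_location, untraceable

# Constructed tag set shared by two resources defined in the same IaC file.
_TAGS = {"git_org": "example-org", "git_repo": "infra-live",
         "git_file": "modules/storage/main.tf",
         "git_commit": "0" * 40,  # placeholder commit id
         "git_last_modified_by": "dev@example.com"}
SAMPLE_FINDINGS = [
    {"resource_id": "bucket-logs-a", "issue": "public ACL",
     "tags": dict(_TAGS, yor_trace="trace-0001")},
    {"resource_id": "bucket-logs-b", "issue": "encryption disabled",
     "tags": dict(_TAGS, yor_trace="trace-0002")},
    {"resource_id": "bucket-manual", "issue": "public ACL",
     "tags": {"env": "prod"}},
]
```

Two findings that resolve to the same file become one fix for one author, while the untagged resource is reported with the tags it lacks.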