Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Snyk and Codefresh

0 likes567 views

The document discusses the importance of discovering and fixing dependency vulnerabilities in Kubernetes applications using Snyk and Codefresh tools. It highlights the risks associated with open source software, noting a significant increase in vulnerabilities, and emphasizes the need for integrated security practices throughout the development pipeline. The document also provides resources and links for further exploration of automated scanning techniques to enhance application security.

Technology

Discovering and Fixing Dependency
Vulnerabilities for Kubernetes apps
with Snyk and Codefresh
Antoine Arlaud, Snyk & Dan Garfield, Codefresh

Antoine
Arlaud
Figure Stuff Out Engineer

A Small
Portion of
Your App is
Your Code
SOFTWARE STACK
Custom Code
“Your” application
Libraries
Open source code
Base Image
Basic OS with associated software
packages

SOFTWARE STACK
Custom Code
“Your” application
Libraries
Open source code
Base Image
Basic OS with associated software
packages
+53%
Vulnerabilitie
s Found in OSS
YoY
Source:
https://www.prnewswire.com/news-releases/open-source-vulnerabilities-soar-a
n-additional-40-percent-in-2017-300556046.html

SOFTWARE STACK
Custom Code
“Your” application
Libraries
Open source code
Base Image
Basic OS with associated software
packages

Pipelines and Automation
Ships your code seamlessly

Containers
New deliverables for dev teams

Let’s bake this in
Both App sec and OS Sec

Try it:
https://github.com/snyk-playground/codefresh-pipeline-snyk
-app-docker-scan
OUR APP PIPELINE
Commit Dependency
Scan
Docker
Build
Image
Scan
App
Build
Push to Dockerhub

Codefresh
Plugins
Code Scan
Scan for vulnerabilities packages in
Go, NPM, Java, and many more.
Docker Scan
Finds vulnerabilities in RPM,
Debian, and Alpine Package
Managers
Try it:
https://github.com/snyk-playground/codefresh-pipeline-snyk
-app-docker-scan

T
Get 120 FREE builds/month
Codefresh.io
Learn more at
snyk.io

More Related Content

What's hot (20)

PDF

React Native: Is It Worth It? UA Mobile 2017.UA Mobile

PDF

DevOps Illustrated - A practical approachDavid Oguntade

PPTX

Concurrent version management(tortoise CVS)Mirza_Mohtashim

PDF

Open Source Compliance for DevOps - OSCON 2017Bianca Xue Jiang

PPTX

Protecting Applications with Lambda@Edge and OAuthAllan Denot

PDF

Testing MicroservicesNathan Jones

PPTX

Presentazione resin.ioGianluca Leo

PDF

Continuous Integration on my workMu Chun Wang

PDF

Simple Unit Testing in Appcelerator Titanium AlloyAaron Saunders

PDF

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

PDF

Continuous Integration for TitaniumDenver Sessink

PPTX

Beyond Continuous Delivery - Jenkins User Conference - 23 Oct 2014Chris Hilton

PDF

TiCalabash and TiMocha: The keys to Better & More Stable Titanium AppsAndrew McElroy

PPTX

Tests your pipeline might be missingGene Gotimer

PDF

OWASP Workshop: Docker Image Security Best Practices by Liran Tal - January 2020Liran Tal

PPTX

All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...DevOpsDays Tel Aviv

PPTX

ATAGTR2017 Upgrading a mobile tester's weapons with advanced debuggingAgile Testing Alliance

PPTX

Continuous SDKJohannes Ebner

PDF

Continuous delivery in QbonJaric Kuo

PDF

AppsodyKhawar Nehal [email protected]

React Native: Is It Worth It? UA Mobile 2017.UA Mobile

DevOps Illustrated - A practical approachDavid Oguntade

Concurrent version management(tortoise CVS)Mirza_Mohtashim

Open Source Compliance for DevOps - OSCON 2017Bianca Xue Jiang

Protecting Applications with Lambda@Edge and OAuthAllan Denot

Testing MicroservicesNathan Jones

Presentazione resin.ioGianluca Leo

Continuous Integration on my workMu Chun Wang

Simple Unit Testing in Appcelerator Titanium AlloyAaron Saunders

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

Continuous Integration for TitaniumDenver Sessink

Beyond Continuous Delivery - Jenkins User Conference - 23 Oct 2014Chris Hilton

TiCalabash and TiMocha: The keys to Better & More Stable Titanium AppsAndrew McElroy

Tests your pipeline might be missingGene Gotimer

OWASP Workshop: Docker Image Security Best Practices by Liran Tal - January 2020Liran Tal

All you need is Zap - Omer Levi Hevroni & Yshay Yaacobi - DevOpsDays Tel Aviv...DevOpsDays Tel Aviv

ATAGTR2017 Upgrading a mobile tester's weapons with advanced debuggingAgile Testing Alliance

Continuous SDKJohannes Ebner

Continuous delivery in QbonJaric Kuo

AppsodyKhawar Nehal [email protected]

Similar to Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Snyk and Codefresh (20)

PPTX

Software Composition Analysis Deep DiveUlisses Albuquerque

PDF

Building android apps with Gradle (GREACH 2015)René Gröschke

PDF

Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash

PDF

Snyk Intro - Developer Security Essentials 2022Liran Tal

PPTX

Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor

PPTX

Transforming your Security Products at the EndpointIvanti

PDF

.NET Core on MacMelania Andrisan (Danciu)

PDF

Mobile Apps Using AngularJS - Adam Klein @ AngularJS ILRon Gershinsky

PPTX

Contemporary software TRENDS SOFTWARE TRENDSmelissaguillermo

PDF

Php Dependency Management with Composer ZendCon 2016Clark Everetts

PDF

Analysis of-quality-of-pkgs-in-packagist-univ-20171024Clark Everetts

PPT

IBM AppScan Source - The SAST solutionhearme limited company

PDF

Dockercon 2018 EU Updates Ajeet Singh Raina

PDF

Exploiting and analyzing Microsoft Surface ApplicationsWardell Motley, NSA IAM\IEM

PDF

Securing Open Source Code in EnterpriseAsankhaya Sharma

ODP

Effective DevSecOpsPawel Krawczyk

PDF

Php Dependency Management with Composer ZendCon 2017Clark Everetts

PDF

Understanding SBOMs: An Introduction to Modern DevelopmentAnchore

PDF

Deploying Containerised Open-Source CSP PlatformsAngel Borroy López

PDF

Know What’s in Your Containers! Manage and Secure all Open Source that Compos...DevOps.com

Software Composition Analysis Deep DiveUlisses Albuquerque

Building android apps with Gradle (GREACH 2015)René Gröschke

Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash

Snyk Intro - Developer Security Essentials 2022Liran Tal

Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor

Transforming your Security Products at the EndpointIvanti

.NET Core on MacMelania Andrisan (Danciu)

Mobile Apps Using AngularJS - Adam Klein @ AngularJS ILRon Gershinsky

Contemporary software TRENDS SOFTWARE TRENDSmelissaguillermo

Php Dependency Management with Composer ZendCon 2016Clark Everetts

Analysis of-quality-of-pkgs-in-packagist-univ-20171024Clark Everetts

IBM AppScan Source - The SAST solutionhearme limited company

Dockercon 2018 EU Updates Ajeet Singh Raina

Exploiting and analyzing Microsoft Surface ApplicationsWardell Motley, NSA IAM\IEM

Securing Open Source Code in EnterpriseAsankhaya Sharma

Effective DevSecOpsPawel Krawczyk

Php Dependency Management with Composer ZendCon 2017Clark Everetts

Understanding SBOMs: An Introduction to Modern DevelopmentAnchore

Deploying Containerised Open-Source CSP PlatformsAngel Borroy López

Know What’s in Your Containers! Manage and Secure all Open Source that Compos...DevOps.com

More from Codefresh (20)

PDF

Detect, debug, deploy with Codefresh and LightstepCodefresh

PDF

CICD Pipelines for Microservices: Lessons from the TrenchesCodefresh

PDF

Simplify Your Code with HelmfileCodefresh

PDF

Making the Most of Helm 3 with CodefreshCodefresh

PDF

5 Simple Tips for Troubleshooting Your Kubernetes PodsCodefresh

PDF

Best Practices for Microservice CI/CD: Lessons from Expedia and CodefreshCodefresh

PDF

Hybrid CI/CD with Kubernetes & CodefreshCodefresh

PDF

VM vs Docker-Based PipelinesCodefresh

PDF

Why You Should be Using Multi-stage Docker Builds in 2019Codefresh

PPTX

Deploy Secure Cloud-Native Apps Fast Codefresh

PDF

CICD Pipelines for Microservices Best Practices Codefresh

PDF

Codefresh CICD New Features Launch! May 2019Codefresh

PDF

Terraform GitOps on CodefreshCodefresh

PDF

Adding Container Image Scanning to Your Codefresh Pipelines with AnchoreCodefresh

PDF

Image scanning using Clair Codefresh

PDF

Updating Kubernetes With Helm Charts: Build, Test, Deploy with Codefresh and...Codefresh

PDF

Docker based-Pipelines with CodefreshCodefresh

PDF

Automated Serverless Pipelines with #GitOps on CodefreshCodefresh

PDF

Net Pipeline on Windows KubernetesCodefresh

PPTX

Multi-cloud CI/CD with failover powered by K8s, Istio, Helm, and Codefresh Codefresh

Detect, debug, deploy with Codefresh and LightstepCodefresh

CICD Pipelines for Microservices: Lessons from the TrenchesCodefresh

Simplify Your Code with HelmfileCodefresh

Making the Most of Helm 3 with CodefreshCodefresh

5 Simple Tips for Troubleshooting Your Kubernetes PodsCodefresh

Best Practices for Microservice CI/CD: Lessons from Expedia and CodefreshCodefresh

Hybrid CI/CD with Kubernetes & CodefreshCodefresh

VM vs Docker-Based PipelinesCodefresh

Why You Should be Using Multi-stage Docker Builds in 2019Codefresh

Deploy Secure Cloud-Native Apps Fast Codefresh

CICD Pipelines for Microservices Best Practices Codefresh

Codefresh CICD New Features Launch! May 2019Codefresh

Terraform GitOps on CodefreshCodefresh

Adding Container Image Scanning to Your Codefresh Pipelines with AnchoreCodefresh

Image scanning using Clair Codefresh

Updating Kubernetes With Helm Charts: Build, Test, Deploy with Codefresh and...Codefresh

Docker based-Pipelines with CodefreshCodefresh

Automated Serverless Pipelines with #GitOps on CodefreshCodefresh

Net Pipeline on Windows KubernetesCodefresh

Multi-cloud CI/CD with failover powered by K8s, Istio, Helm, and Codefresh Codefresh

Recently uploaded (20)

PPTX

𝙳𝚘𝚠𝚗𝚕𝚘𝚊𝚍—Wondershare Filmora Crack 14.0.7 + Key Download 2025sebastian aliya

PDF

From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...Priyanka Aash

PDF

Java 25 and Beyond - A Roadmap of InnovationsAna-Maria Mihalceanu

PDF

Why aren't you using FME Flow's CPU Time?Safe Software

PDF

The Future of Product Management in AI ERA.pdfAlyona Owens

PPTX

Enabling the Digital Artisan – keynote at ICOCI 2025Alan Dix

PDF

Unlocking FME Flow’s Potential: Architecture Design for Modern EnterprisesSafe Software

PDF

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

PPTX

MARTSIA: A Tool for Confidential Data Exchange via Public Blockchain - Pitch ...Michele Kryston

PDF

“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance

PPTX

Paycifi - Programmable Trust_Breakfast_PPTXTFinTech Belgium

PPTX

CapCut Pro Crack For PC Latest Version {Fully Unlocked} 2025pcprocore

PDF

Plugging AI into everything: Model Context Protocol Simplified.pdfAbati Adewale

PPTX

reInforce 2025 Lightning Talk - Scott Francis.pptxScottFrancis51

PPTX

New ThousandEyes Product Innovations: Cisco Live June 2025ThousandEyes

PDF

Python Conference Singapore - 19 Jun 2025ninefyi

PDF

Darley - FIRST Copenhagen Lightning Talk (2025-06-26) Epochalypse 2038 - Time...treyka

PDF

ArcGIS Utility Network Migration - The Hunter Water StorySafe Software

PDF

Open Source Milvus Vector Database v 2.6Zilliz

PDF

Hello I'm "AI" Your New _________________Dr. Tathagat Varma

𝙳𝚘𝚠𝚗𝚕𝚘𝚊𝚍—Wondershare Filmora Crack 14.0.7 + Key Download 2025sebastian aliya

From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...Priyanka Aash

Java 25 and Beyond - A Roadmap of InnovationsAna-Maria Mihalceanu

Why aren't you using FME Flow's CPU Time?Safe Software

The Future of Product Management in AI ERA.pdfAlyona Owens

Enabling the Digital Artisan – keynote at ICOCI 2025Alan Dix

Unlocking FME Flow’s Potential: Architecture Design for Modern EnterprisesSafe Software

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

MARTSIA: A Tool for Confidential Data Exchange via Public Blockchain - Pitch ...Michele Kryston

“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance

Paycifi - Programmable Trust_Breakfast_PPTXTFinTech Belgium

CapCut Pro Crack For PC Latest Version {Fully Unlocked} 2025pcprocore

Plugging AI into everything: Model Context Protocol Simplified.pdfAbati Adewale

reInforce 2025 Lightning Talk - Scott Francis.pptxScottFrancis51

New ThousandEyes Product Innovations: Cisco Live June 2025ThousandEyes

Python Conference Singapore - 19 Jun 2025ninefyi

Darley - FIRST Copenhagen Lightning Talk (2025-06-26) Epochalypse 2038 - Time...treyka

ArcGIS Utility Network Migration - The Hunter Water StorySafe Software

Open Source Milvus Vector Database v 2.6Zilliz

Hello I'm "AI" Your New _________________Dr. Tathagat Varma

Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Snyk and Codefresh

1. Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Snyk and Codefresh Antoine Arlaud, Snyk & Dan Garfield, Codefresh

2. Dan Garfield Chief Evangelist

3. Antoine Arlaud Figure Stuff Out Engineer

4. Open Source Is just awesome

5. A Small Portion of Your App is Your Code SOFTWARE STACK Custom Code “Your” application Libraries Open source code Base Image Basic OS with associated software packages

6. SOFTWARE STACK Custom Code “Your” application Libraries Open source code Base Image Basic OS with associated software packages +53% Vulnerabilitie s Found in OSS YoY Source: https://www.prnewswire.com/news-releases/open-source-vulnerabilities-soar-a n-additional-40-percent-in-2017-300556046.html

7. SOFTWARE STACK Custom Code “Your” application Libraries Open source code Base Image Basic OS with associated software packages

8. Pipelines and Automation Ships your code seamlessly

9. Containers New deliverables for dev teams

10. Security Is everyone’s responsibility

11. Let’s bake this in Both App sec and OS Sec

12. Try it: https://github.com/snyk-playground/codefresh-pipeline-snyk -app-docker-scan OUR APP PIPELINE Commit Dependency Scan Docker Build Image Scan App Build Push to Dockerhub

13. Codefresh Plugins Code Scan Scan for vulnerabilities packages in Go, NPM, Java, and many more. Docker Scan Finds vulnerabilities in RPM, Debian, and Alpine Package Managers Try it: https://github.com/snyk-playground/codefresh-pipeline-snyk -app-docker-scan

14. T Get 120 FREE builds/month Codefresh.io Learn more at snyk.io