John Osborne, chief OpenShift architect for public sector at Red Hat, wrote in a Nextgov article published Wednesday that adopting cloud-native security platforms could help agency developers secure the development of containerized applications.
Osborne said the open source community is creating and introducing new tools that could provide visibility into containerized applications, “perform deep scans to detect trojans, viruses and malware contained within the images” and improve runtime security through the identification of possible behavior changes and anomalies.
Some of these tools are Falco for runtime security, Anchore for image scanning and policy enforcement, and SonarQube for code quality.
He also discussed Open Policy Agent (OPA), a Cloud Native Computing Foundation project, and how it can help agencies apply one set of policies across their stack.
“By adopting OPA, agencies can write the same security policies for their service mesh tooling as they would for Kubernetes or another container orchestration system, a great benefit for agencies used to juggling many different policy tools,” he wrote.
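To make the OPA point concrete, the following is an added example of the Kubernetes side of such a policy, written in OPA's Rego language as a Kubernetes admission check. It is not code from Osborne's article or from Red Hat; the allowed registry prefixes and the container names in the embedded test input are assumptions constructed for illustration. The policy denies pods that pull images from a registry outside an allow list or that request a privileged container, and the `test_` rules at the bottom let `opa test` exercise it offline with constructed admission requests.

```rego
package kubernetes.admission

# Registry prefixes an agency trusts. Assumed values for this example only.
allowed_registries := {
    "registry.example.gov/",
    "quay.io/openshift-release-dev/",
}

# Deny any Pod whose container image does not come from an allowed registry.
deny[msg] {
    input.request.kind.kind == "Pod"
    container := input.request.object.spec.containers[_]
    not image_allowed(container.image)
    msg := sprintf("container %q uses image %q from an untrusted registry", [container.name, container.image])
}

# Deny any Pod that asks for a privileged container.
deny[msg] {
    input.request.kind.kind == "Pod"
    container := input.request.object.spec.containers[_]
    container.securityContext.privileged == true
    msg := sprintf("container %q must not run privileged", [container.name])
}

# An image is allowed when its reference starts with one of the trusted prefixes.
image_allowed(image) {
    prefix := allowed_registries[_]
    startswith(image, prefix)
}

# Helper that builds a minimal AdmissionReview-shaped input (constructed, not a real request).
pod_request(containers) = {"request": {
    "kind": {"kind": "Pod"},
    "object": {"spec": {"containers": containers}},
}}

# Constructed test cases; run with `opa test <this file>`.
test_allows_trusted_unprivileged_image {
    count(deny) == 0 with input as pod_request([
        {"name": "api", "image": "registry.example.gov/agency/api:1.4.2"},
    ])
}

test_denies_untrusted_registry {
    count(deny) == 1 with input as pod_request([
        {"name": "api", "image": "docker.io/library/nginx:latest"},
    ])
}

test_denies_privileged_container {
    count(deny) == 1 with input as pod_request([
        {"name": "agent", "image": "registry.example.gov/agency/agent:2.0",
         "securityContext": {"privileged": true}},
    ])
}

test_reports_both_violations {
    count(deny) == 2 with input as pod_request([
        {"name": "agent", "image": "docker.io/library/busybox",
         "securityContext": {"privileged": true}},
    ])
}
```

Wired into a validating admission webhook (OPA with kube-mgmt, or Gatekeeper with the same rule bodies inside a ConstraintTemplate), a non-empty `deny` set rejects the Pod before it is scheduled. The same `image_allowed` logic can be reused in a policy evaluated by a service mesh's authorization layer, which is the single-policy-language benefit Osborne describes.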
Osborne also cited the importance of DevSecOps in application development.
“By bringing security teams into the development process, you can build automated security and compliance checks into the same deployment mechanisms that are shipping code into production. Applications can be automatically checked for the quality of their code and vulnerabilities or errors in container images,” he noted.