As you experienced, DecSecOps is an emerging set of practices, processes, and tools to help organizations use, maintain, and secure the software they create. Most organizations have started their DevSecOps journey by finding and fixing their open source vulnerabilities.
As organizations migrate to containers, they continue to evolve their security practices to generate a secure software supply chain to accelerate delivery. As infrastructure configuration becomes part of the software baseline, we need better tools to validate and secure these new artifacts.
I want to thank you for your time and completing the exercises in this workshop.
Additional DevSecOps resources are available on Snyk's DevSecOps Hub. The open-source security foundation under the Linux Foundation. For more details, please visit https://openssf.org/.
The workshop has an additional exercise for anyone interested. The CI/CD pipeline also builds a cloud-native container image using the Cloud Native Buildpacks and the pack command. The Github action to monitor the container images is inactive, but the image results can be monitored via Snyk and compared to the Docker file approach used in the workshop.