
Secure What You Build and Where You Run It: Say Hello to the Infrastructure as Code Pack for Nexus Lifecycle

What is the IaC Pack and Why Should You Care? 

The Infrastructure as Code Pack is a new add-on to Nexus Lifecycle that enables developers to easily find and fix security vulnerabilities in their cloud infrastructure templates.

Helping developers find and fix security vulnerabilities in third-party libraries is already an extensive part of the Nexus Platform. Now, we’ve added the ability to simultaneously prevent security and compliance issues caused by misconfigurations in Terraform files. All of this vulnerability information is displayed in the same report, bringing application health and cloud security together in one place.

The IaC Pack is a critical step towards empowering developers and Site Reliability Engineers (SREs) with guardrails and feedback early in the development process, so that cloud infrastructure configuration and compliance issues are caught before they end up in production, where they can be exploited by bad actors (and no, we don’t mean Nicolas Cage or Keanu Reeves). We want to make things as easy as possible for developers – and this is one additional way we’re trying to lessen the load that the modern developer now has to carry.

What is IaC?

Infrastructure as Code (IaC) uses scripts to automate the provisioning and modification of IT infrastructure. Traditionally, managing servers and infrastructure was a very manual, time-consuming process. Cloud-native development and virtualization have helped eliminate the problem of physical hardware management, and IaC emerged as a framework for writing and deploying these configurations the same way you would any other line of code. IaC is a much more efficient way of building cloud infrastructure, but it also comes with a lot of inherent security risks that need to be addressed to avoid breaches and keep your infrastructure safe.
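As an added example (not from the original post, and not code from Nexus Lifecycle or the IaC Pack), here is the kind of Terraform misconfiguration an IaC scanner is meant to catch, with each weak resource beside its hardened form. The AWS resources are hypothetical; `var.vpc_id` and the `app` security group are assumptions.

```hcl
# Added example; hypothetical AWS resources. var.vpc_id and the "app" security
# group are assumptions. Not code from the original post or from Nexus Lifecycle.

# Weak: the database port is open to the entire internet.
resource "aws_security_group" "db_open" {
  name   = "db-open"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]   # the finding a scanner reports
  }
}

# Hardened: same port, reachable only from the application tier's security group.
resource "aws_security_group" "db_restricted" {
  name   = "db-restricted"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

# Weak: a bucket declared with no public-access block (absence is the finding).
resource "aws_s3_bucket" "logs_weak" {
  bucket = "example-logs-weak"
}

# Hardened: the bucket plus an explicit block on every form of public access.
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
}

resource "aws_s3_bucket_public_access_block" "logs" {
  bucket                  = aws_s3_bucket.logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Running a scanner against the weak resources in a pull request surfaces the open CIDR and the missing public-access block before `terraform apply` ever runs, which is the feedback loop the post describes.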

Cloud misconfigurations are the number one cause of cloud-based data breaches.

According to (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Kevin Miller. Read the original post at: https://blog.sonatype.com/secure-what-you-build-and-where-you-run-it-infrastructure-as-code-pack-for-nexus-lifecycle