DevSecOps with Bitbucket Cloud

Support API docs Product updates Sign up for free

Search…

Join Snyk and Atlassian for this hands-on virtual workshop where we will guide you on implementing security best-practices early on in your workflow to build an automated and secure Continuous Integration (CI) & Continuous Delivery (CD) pipeline.
Welcome!
You will begin this workshop as the newest member of a Mythical 500 company: Mythical Mysfits. It's your first day in the office and your predecessor(s) hastily (i.e. manually) deployed an "enterprise-ready" piece of software for group collaboration: goof. According to your colleagues, goof became wildly popular as "The BESTest todo app evar". You, however, are skeptical. Fortunately, your company also recently purchased Snyk and Atlassian Bitbucket Cloud!
In this workshop, you will learn patterns for shift-left security leveraging Atlassian Bitbucket, Bitbucket Pipelines, and Snyk. These techniques will enable you to implement scanning of your container-based workloads running on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Registry (ECR) and how to use these patterns to release features and functionality at a faster pace that includes security at each step.
Learning Objectives
Understand Software Composition Analysis (SCA) and its importance in your developer workflows.
Discover vulnerabilities in your application open source dependencies.
Implement Snyk's container image scanning in your Continuous integration and
​Continuous delivery (CI/CD) pipeline.
​Fix insecure Kubernetes configuration at the source.
Leverage the Snyk Pipe for Bitbucket Pipelines to secure your application.
Intended Audience
Developers
Security/Application Teams
DevOps/DevSecOps Engineers
Cloud/Solutions Architects
Content Structure
We have structured the various subjects covered in this workshop into specific modules. Each module will provide context on the theory behind the techniques presented as well as hands-on examples.
Module 1 - Scanning & monitoring application source code
Enable the Snyk Open Source integration to Bitbucket and import your SCM project. Understand transitive dependencies and how Snyk can generate automatic pull requests to streamline your process.
Module 2 - Scanning & monitoring container images
Enable Snyk Container integration to Amazon Elastic Container Registry (ECR) and import your container images. Learn how Snyk provides base image ugprade recommendations.
Module 3 - Scanning & monitoring for insecure Kubernetes configurations
​Install the Snyk controller on Amazon Elastic Kubernetes Service (Amazon EKS) and add workloads for scanning. Understand test results, how to interpret Snyk's Priority Score, and how to fix configuration issues.
Module 4 - Fixing known issues & monitoring
In this module, you will go through guided exercises that demonstrate how to fix for vulnerabilities and insecure configurations. You will apply what you learned in the previous modules and apply fixes to your application, container image, and Kubernetes configuration to secure your application.
To make the most effective use of this content, you should be able to run basic Unix commands. You should also possess familiarity with AWS services, basic cloud concepts and general understanding of software development methodologies.

Conclusion

Prerequisites

Last modified 23d ago

Export as PDF

Copy link

Edit on GitHub

Contents

Module 1 - Scanning & monitoring application source code

Module 2 - Scanning & monitoring container images

Module 3 - Scanning & monitoring for insecure Kubernetes configurations

Module 4 - Fixing known issues & monitoring