Securing the Software Supply Chain: Why cloud native apps require a different approach

We’ve seen this story play out in grand fashion over the last year: attackers are using the software supply chain to inject malicious artifacts into CI/CD pipelines and execute elaborate kill chains in production. Traditional software testing techniques are ill-equipped to detect these advanced threats that only initiate during runtime, and cloud native ecosystems add multiple layers of complexity. Now, today’s best practices for DevSecOps all but oblige security teams to implement complete pre-production analysis of runtime behavior, to provide detailed documentation of the attack kill chain, and to facilitate proper remediation at the risk’s source.

At the Inspired Virtual Summit, Aqua Security discussed supply chain security for today’s cloud native software ecosystems, exploring:

• Advanced threats in the software supply chain.
• Security implications of cloud native and DevOps methodologies.
• Best practices for detecting malware and mitigating risks before production deployment.

Speaker: Steven Zimmerman, Senior Product Marketing Manager, Aqua Security