Image is Everything (Let's Keep it Secure!) with Jason Epstein

•

0 gostou•210 visualizações

Video: https://youtu.be/pCznn0KP8iM In 1990, pro tennis legend, Andre Agassi, unintentionally predicted the importance of container images in the application container movement 20+ years later when he told viewers of the famous Canon commercial, "image is everything". However, even the tennis Hall of Famer couldn't have predicted the security issues that would surface from this new technology. While the Docker container engine and Kubernetes orchestrator make it easy to distribute, orchestrate, and run containers, we also need to ensure our images are safe to use. Malware often masquerades as legitimate images, and vulnerabilities found in official images are frequently exploited by nefarious actors. Both concerns are security threats to the stability and security of your application environment. This is where container image scanning and signing play a crucial role in your organization. Several products on the market seek to address this need, including Harbor, JFrog X-Ray, Docker Trusted Registry, Quay, and Twistlock. This is an essential element to securing your DevOps pipeline. Jason Epstein is a Senior Solutions Engineer on the Docker Enterprise team at Mirantis. He will walk us through an image vulnerability scan, what can be discovered, and how it can be used to help secure your DevOps pipeline.

Tecnologia

2
JASON EPSTEIN
Sr. Solutions Engineer, Mirantis, Inc.
(Docker Enterprise team)
MIRANTIS, INC.
Modern Apps at Enterprise scale
• Docker Enterprise Platform
• Mirantis Cloud Platform (MCP)

3
• Passionate containerist
• Avid runner
• Local craft beer enthusiast
About Jason

4
○ The importance of securing your container images
○ Introduction to image vulnerability scanning
○ Introduction to image signing
○ Glimpse into common products available in the marketplace
○ Demonstrate image scanning and signing
Goals Today

6
What is a Docker Container Image?
An Image is an ordered collection of root filesystem
changes and the corresponding execution parameters
for use within a container runtime. An image typically
contains a union of layered filesystems stacked on top
of each other. An image does not have state and it
never changes.
TL;DR
Images are the “blueprint” to your applications
● Shareable
● Immutable

7
● Know What’s Inside Your Apps
● Know Where Your App Images
Came From
● Know Who Modified Them
Ensure Your Images Are Safe to Run
A Multi-Layered Defense
"Developer use of older, vulnerable
versions is one of the leading causes of
container vulnerabilities.”
- Gartner, Best Practices for Running
Containers and Kubernetes in Production

8
Running vulnerable images exposes your
organization to threats.
Example:
CVE-2019-5021 (discovered May, 2019)
“Versions of the Official Alpine Linux Docker images
(since v3.3) contain a NULL password for the `root` user.”
(source: https://nvd.nist.gov/vuln/detail/CVE-2019-5021)
Why Is Container Image Security Important?
When the required
conditions are met, a
user (legitimate or not)
on your system can
easily gain root access
inside the impacted
container.

9
Software Delivery Lifecycle
Traditional Supply Chain
Software Supply Chain

10
Security Must Span the Entire Software Delivery Lifecycle

11
●CONTINUOUSLY SCAN FOR VULNERABILITIES IN ALL IMAGES
• Improve application security by
scanning for known vulnerabilities prior
to deployment and continuous checks
thereafter
• Ensure compliance with alerts to new
vulnerabilities
Trusted
Content
Image Scanning:
Know What’s Inside Your Apps

12
Image Content Trust:
Know Where Your Apps Came From and Who Modified Them
• Sign image to “approve” passing of each stage.
• Policy to check for signatures before deployment
CI Security Scanning Staging Production

13
Image Security Tools In the Marketplace
Anchore
Trusted Registry

16
Ensure Only Images Signed by Each Team Can be Run
Enforcing Docker Content Trust in Universal Control Plane (UCP)

17
● Scan your images for vulnerabilities
○ Scan every image and assess any vulnerabilities for risk and relevance in
your environment
○ Automate image filtering so that only those that meet your security
criteria make it to the next stage (including production)
● Sign your images to ensure image authenticity
○ Require CI tools, repositories, test tools, security tools, and all other
steps in your pipeline to cryptographically sign every image they process
○ Ensure every environment (including production!) that will run your
images checks for a valid signature from the required sources.
Container Image Security Takeaways

19
Thanks!
Jason Epstein
jepstein@mirantis.com
www.linkedin.com/in/jasonepstein1/
Contact Mirantis: mirantis.com/contact
Request a demo: mirantis.com/demo

Mais conteúdo relacionado

Mais de Weaveworks

Picture this… It’s the middle of the night on a Saturday, and the sound of slack messages rolling in rouses you from slumber. Then two text messages chime in quick succession. As you grab your phone and pry open an eye to figure out WTF, the phone rings - and it’s your boss!? You stammer out a “Hello?” She sounds alarmed. “Wake up, we have a big problem” “It’s two-in-the-morning, what problem?” you croak back. “I guess you missed the alerts while you were sleeping…API endpoints in prod are getting knocked over, and the tokens responsible are yours.” “They’re what? How?” “Get to your machine and jump on the meeting link I just sent - everybody’s waiting” Yikes. Join Weaveworks for some real-world tales from the trenches, and learn about the 5 simple things you can do to prevent making a royal mess of Tenancy in Kubernetes. Hear from developers that got that late night call because of a bone-headed accident, and teams affected by gob-smacking access and permissions foul-ups. Luckily for us, they were happy to tell us the tales so we can learn from their pain. Weave GitOps Workspaces is a new feature that enables multi-tenancy so platform engineers can scale their GitOps workflows across numerous development teams. Oh yeah, it also wards -off wake-up calls in the middle of the night, which is nice. Watch this webinar recording to learn: - How Weave GitOps simplifies tenancy management - How security guardrails keep you from blowing a hole in your app, and across your team - 5 takeaways for enabling Kubernetes tenancy safely and effectively for your teams

How to Avoid Kubernetes Multi-tenancy Catastrophes

Weaveworks

An internal developer platform (IDP) is a set of standardized tools and technologies that enables development teams to self-service, offering convenient access to resources they need to create and deploy compliant code. The ultimate goal is to facilitate automation, autonomy and productivity across large teams. However, creating an IDP is highly complex, especially when bridging hybrid scenarios. In fact, build timelines can take anywhere between one to two years! In this Techstrong Learning Experience, we will discuss how platform engineers can more efficiently build an IDP with Amazon EKS and Weave GitOps and accelerate cloud-native adoption while speeding up migration of existing applications to the cloud. Our experts will also introduce EKS Blueprints, a collection of infrastructure-as-code (IaC) modules like Terraform and AWS Cloud Development Kit (AWS CDK) that will help you configure and deploy consistent EKS clusters across on-premises and cloud. Key Takeaways: - Why you should build a self-service IDP - How to leverage EKS, GitOps and EKS Blueprints to build your IDP - A review of use cases and benefits of an IDP

Building internal developer platform with EKS and GitOps

Weaveworks

GitOps is amazing... until you can't apply it! This has been the case mostly for testing where it continues to be more of a push than a pull in organizations' DevOps pipelines. Join us in this talk to learn the benefits of improving your existing testing pipeline with Testkube, an open source project that brings tests inside your Kubernetes cluster, and FluxCD adding the GitOps sprinkles to testing! Speaker: Abdallah Abedraba, Product Leader at Testkube Abdallah works at Testkube, a Kubernetes native testing framework. In his prior experiences, he has tried everything from software engineering to product management, and now working as a Developer Advocate, on open source (a dream of his!) evangelizing all things Testing and Kubernetes. In his free time, he enjoys attending developer conferences and meetups, as well as spending time at the movies and actively listening to music.

GitOps Testing in Kubernetes with Flux and Testkube.pdf

Weaveworks

You may not think of "GitOps" and "service mesh" together – but maybe you should! These two wildly different technologies are each enormously capable independently, and combined they deliver far more than the sum of their parts: a single Git commit can control workflows customized for your exact situation by taking advantage of the service mesh's ability to measure and manipulate traffic anywhere in your application's call graph, and you can rest easy knowing that Git is preserving the complete configuration for your entire application every step of the way. See how these technologies can work together to tackle complex problems in cloud-native applications. What you’ll get out of this: * Understand what GitOps and service meshes can - and can't - do for you. * Understand basic operations with GitOps and Linkerd. * Understand the basics of continuous deployment with Weave GitOps and Linkerd.

Intro to GitOps with Weave GitOps, Flagger and Linkerd

Weaveworks

Soft multi-tenancy can be hard to achieve and secure. Multiple tenants sharing the same cluster means there are global objects, like Custom Resource Definitions (CRDs), namespaces, and so on, that you don’t want tenants controlling. Platform admins, cluster admins, and tenants, should be separated, with dedicated namespaces, role bindings, node groups, taints and tolerations, etc. With Flux, tenant isolation is enforced by default, so you don’t have to worry about accidental tenant cross-over / cross-contamination. In this session, Priyanka “Pinky” Ravi, Developer Experience Engineer at Weaveworks, will walk you through how to set up multi-tenancy on an existing Kubernetes cluster and manage several tenants within the cluster. Take advantage of the benefits that come with infrastructure as code.

Implementing Flux for Scale with Soft Multi-tenancy

Weaveworks

Join Leo Murillo, Principal Solutions Architect at Weaveworks and Rama Ponnuswami, Sr. Container Specialist at AWS, as they walk through accelerating Multi-stage delivery on GitOps. If you already have EKS-A, you are ready to automate the release of multistage delivery. Thus, allowing you to deploy more often and reliably with less overhead. In this Webinar, we cover: - Best practices for CI/CD, GitOps and Application Pipeline Management. - Simple cluster management across Kubernetes hybrid infrastructure. - Multistage deployments using Weave GitOps for EKS and EKS-A using a single UI dashboard.

Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS

Weaveworks

The Story of Flux Reaching Graduation in the CNCF

Weaveworks

In this session, we’ve partnered with Upbound to showcase how to effectively manage application delivery while maintaining a high level of security using Weave GitOps and Upbound. Managing a stateful application deployment with a relational database, Weave GitOps can recognize if there is a policy violation and correct it before deploying the application. Join us as we demonstrate the scenarios where: All changes to application configuration are managed through Git workflows Upbound’s Universal Crossplane allows you to build, deploy, and manage your cloud platforms GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters Policy-as-Code guarantees security, resilience and coding standards compliance Watch the recording: xx

Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...

Weaveworks

In a joint webinar with Traefik Labs, we show how Traefik Hub, a SaaS-based cloud native networking platform, helps you publish your containers securely in seconds with tunnels, OIDC authentication and automated TLS certificate management. And, how you can combine that with Weave GitOps to achieve continuous application delivery using progressive delivery strategies for risk-free and reliable deployments. Security is key, so we showcase multi-tenancy for full RBAC across the different deployment stages, and trusted delivery best practices for continuous security and compliance baked in. Learn how: - To utilize canary deployments for reliable and risk-free application deployments. - GitOps lets you automate and secure the publishing of containers at the edge consistently. - Easy it is to deploy, update and manage your application workloads on Kubernetes. - To publish containers securely using tunnels, OIDC authentication and TLS certificate management.

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...

Weaveworks

Flux’s Security & Scalability with OCI & Helm Slides.pdf

Weaveworks

Recently Flux has released two new features (OCI and Cosign) for scalable and secure GitOps. Juozas Gaigalas, a Developer Experience Engineer at Weaveworks, will demonstrate how developers and platform engineers can quickly create scalable and Cosign-verified GitOps configurations using VS Code GitOps Tools extension. New and experienced Flux users can learn about Flux’s OCI and Cosign support through this demo.

Flux Security & Scalability using VS Code GitOps Extension

Weaveworks

Deploying secure, cloud native stateful applications requires a high level of performance across hybrid and multi-cloud environments. Using the scalable, highly performant storage provided by Ondat in combination with Weave GitOps Trusted Delivery, you can shift left security and accelerate software development. Watch this on-demand webinar as we demonstrate how: - All changes to application configuration are managed through Git workflows GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters. - Policy-as-Code guarantees security, resilience and coding standards compliance. - To dynamically provision highly available persistent volumes by simply deploying Ondat anywhere with a simple operator profile. - All data services such as replication, compression and encryption, are optimized and accelerated to scale on any platform with Ondat’s low latency data plane.

Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps

Weaveworks

While GitOps is known as a paradigm for managing cloud native applications, not many know it fits within platform management as well. Automating the provisioning and management of Kubernetes clusters abstracts away the issue of inconsistency that you get with cluster sprawl, all while shortening provisioning time by consistent automation. But that’s not enough. A networking layer is a standard requirement when managing Kubernetes environments, yet traditional IT networking and security methods do not work. By default, Kubernetes environments allow any pod to connect to any other pod, creating security risks. Furthermore, legacy approaches to network security visibility do not allow for performance of threat detection, compliance monitoring, or incident investigations for Kubernetes workloads. Cilium is a zero-trust cloud-native networking layer providing the necessary security and observability of your Kubernetes environments. What if you were to add your network and security operations into your GitOps workflows? In our webinar with Isovalent, we walk through how to easily add Cilium as a robust Container Network Interface solution using GitOps, and explore some of the Observability and Security features it provides. You'll learn how: - GitOps helps you manage cloud native chaos - To save time creating secure, “user-ready” Kubernetes clusters - To apply Weave GitOps to Kubernetes platform management - To improve network security and network observability using Cilium

Robust Network Security and Observability with GitOps and Cilium

Weaveworks

Intro to GitOps & Flux.pdf

Weaveworks

Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf

Weaveworks

Weave GitOps 2022.09 Features Launch Event The latest release of Weave GitOps introduces new features enabling progressive delivery, policy as code, and accelerated application onboarding. Weave GitOps is the leading full-stack GitOps platform to automate trusted application delivery and secure infrastructure operations on premise, in the cloud and at the edge. Trusted by Customers, including Deutsche Telekom and The Department of Defense, Platform and Application Teams, Weave GitOps unlocks the benefits of increased efficiency and compliance, while boosting deployment velocity and confidence. Join us where we’ll do a live demo of Weave GitOps showcasing: - Advanced Deployment Patterns—Progressive Delivery has never been easier - Multi-tenancy and Application Portability—More collaboration and control - Strengthened GitOps Security—If you can code it, you can secure it.

Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...

Weaveworks

In this webinar, Darren Madams, Weaveworks Solution Architect and Steve Waterworth, Weaveworks Technical Marketing Manager demonstrate how to shift security best practices further left. They’ll walk through a practical example of how Weave GitOps helped a financial services organization move to a hybrid cloud environment for fully automated deployment and cluster provisioning that met their strict security, governance and compliance requirements. Learn: - The need for deploying clusters in on-premise environments because of compliance requirements such as PCI-DSS - How to shift from manual to automated cluster provisioning with policy and security checks in place - How to seamlessly expand automated processes across environments using Weave GitOps - How Weave GitOps features 100+ policies out-of-the box for shifting security further left in your SDLC

Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...

Weaveworks

Cloud-native applications are increasingly spanning across hybrid and multi-cloud environments such as on-premise data centers, in the cloud (Amazon EKS, Azure AKS, Google Cloud GKE) and at the edge. Customers need to ensure security and resiliency for their cloud-native applications while managing releases through reliable, consistent deployment and runtime policies. In this session, we’ve partnered with Tetrate to showcase how to effectively manage advanced deployments using Weave GitOps. Managing application configurations by different teams across multiple Kubernetes clusters is made possible with Weave GitOps and Tetrate Service Bridge. Using familiar Git workflows, Weave Policy-as-Code enables application engineers to quickly deliver new features safely. Join us as we demonstrate the scenarios where: - All changes to application configuration are managed through Git workflows. - GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters. - Policy-as-Code guarantees security, resilience and coding standards compliance. - Tetrate Service Bridge provides dynamic configuration of application workloads and failover across multiple Kubernetes clusters.

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

Weaveworks

Time is always at a premium for software developers and DevOps teams who are constantly evolving their practices to deliver software more efficiently and frequently. Weave GitOps and Flagger enables DevOps teams to build continuous and progressive delivery pipelines that accelerate release frequency without compromising stability and security. In this on-demand webinar, Steve Waterworth, Technical Marketing Manager at Weaveworks shows how simple it is to set up CI/CD automation across various stages in your software lifecycle. He will walk you through building an automated deployment pipeline that easily handles canary releases, feature flagging or other progressive release patterns. Topics we cover: - How Weave GitOps enables CICD automation to manage the workflow from staging to production. - Why progressive delivery is a catalyst for security, stability and speed. - How to set up a progressive deployment pipeline with Weave GitOps and Flagger.

DevOps Automation with GitOps: Consistent and Secure End to End Deployments

Weaveworks

Designed for cloud-native applications, GitOps makes developers more productive while improving application stability, security, and compliance. The decentralized nature of cloud infrastructure has significantly increased the threat landscape; thus raising many security issues and concerns many companies grapple with. Trusted delivery allows organizations to build and run containerized artifacts that are guaranteed while image generation pipelines are key to a secure environment. These features simplify the shifting left of security and accelerate the adoption of DevSecOps practices. With automated continuous security and compliance checks, in the form of policy as code, fully automated deployments are now possible. In this Webinar, you will learn: Security challenges of cloud-native infrastructure How GitOps help eliminate risks associated with continuous deployment How to leverage policy as code for environments & application artifacts How to produce trustworthy deployment images

Trusted Application Delivery: Achieving Ultimate Security

Weaveworks

Mais de Weaveworks (20)

How to Avoid Kubernetes Multi-tenancy Catastrophes

Building internal developer platform with EKS and GitOps

GitOps Testing in Kubernetes with Flux and Testkube.pdf

Intro to GitOps with Weave GitOps, Flagger and Linkerd

Implementing Flux for Scale with Soft Multi-tenancy

Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS

The Story of Flux Reaching Graduation in the CNCF

Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...

Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...

Flux’s Security & Scalability with OCI & Helm Slides.pdf

Flux Security & Scalability using VS Code GitOps Extension

Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps

Robust Network Security and Observability with GitOps and Cilium

Intro to GitOps & Flux.pdf

Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf

Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...

Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

DevOps Automation with GitOps: Consistent and Secure End to End Deployments

Trusted Application Delivery: Achieving Ultimate Security

Último

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Developing An App To Navigate The Roads of Brazil

V3cube

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Image is Everything (Let's Keep it Secure!) with Jason Epstein

2. 2 JASON EPSTEIN Sr. Solutions Engineer, Mirantis, Inc. (Docker Enterprise team) MIRANTIS, INC. Modern Apps at Enterprise scale • Docker Enterprise Platform • Mirantis Cloud Platform (MCP)

3. 3 • Passionate containerist • Avid runner • Local craft beer enthusiast About Jason

4. 4 ○ The importance of securing your container images ○ Introduction to image vulnerability scanning ○ Introduction to image signing ○ Glimpse into common products available in the marketplace ○ Demonstrate image scanning and signing Goals Today

5. 5

6. 6 What is a Docker Container Image? An Image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime. An image typically contains a union of layered filesystems stacked on top of each other. An image does not have state and it never changes. TL;DR Images are the “blueprint” to your applications ● Shareable ● Immutable

7. 7 ● Know What’s Inside Your Apps ● Know Where Your App Images Came From ● Know Who Modified Them Ensure Your Images Are Safe to Run A Multi-Layered Defense "Developer use of older, vulnerable versions is one of the leading causes of container vulnerabilities.” - Gartner, Best Practices for Running Containers and Kubernetes in Production

8. 8 Running vulnerable images exposes your organization to threats. Example: CVE-2019-5021 (discovered May, 2019) “Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user.” (source: https://nvd.nist.gov/vuln/detail/CVE-2019-5021) Why Is Container Image Security Important? When the required conditions are met, a user (legitimate or not) on your system can easily gain root access inside the impacted container.

9. 9 Software Delivery Lifecycle Traditional Supply Chain Software Supply Chain

10. 10 Security Must Span the Entire Software Delivery Lifecycle

11. 11 ●CONTINUOUSLY SCAN FOR VULNERABILITIES IN ALL IMAGES • Improve application security by scanning for known vulnerabilities prior to deployment and continuous checks thereafter • Ensure compliance with alerts to new vulnerabilities Trusted Content Image Scanning: Know What’s Inside Your Apps

12. 12 Image Content Trust: Know Where Your Apps Came From and Who Modified Them • Sign image to “approve” passing of each stage. • Policy to check for signatures before deployment CI Security Scanning Staging Production

13. 13 Image Security Tools In the Marketplace Anchore Trusted Registry

14. 14

15. 15 Demo

16. 16 Ensure Only Images Signed by Each Team Can be Run Enforcing Docker Content Trust in Universal Control Plane (UCP)

17. 17 ● Scan your images for vulnerabilities ○ Scan every image and assess any vulnerabilities for risk and relevance in your environment ○ Automate image filtering so that only those that meet your security criteria make it to the next stage (including production) ● Sign your images to ensure image authenticity ○ Require CI tools, repositories, test tools, security tools, and all other steps in your pipeline to cryptographically sign every image they process ○ Ensure every environment (including production!) that will run your images checks for a valid signature from the required sources. Container Image Security Takeaways

18. 18 Questions?

19. 19 Thanks! Jason Epstein jepstein@mirantis.com www.linkedin.com/in/jasonepstein1/ Contact Mirantis: mirantis.com/contact Request a demo: mirantis.com/demo

Image is Everything (Let's Keep it Secure!) with Jason Epstein

Recomendados

Recomendados

Mais conteúdo relacionado

Mais de Weaveworks

Mais de Weaveworks (20)

Último

Último (20)

Image is Everything (Let's Keep it Secure!) with Jason Epstein