In this blog post we are going to cover how to perform Docker image scanning on the Gitlab CI/CD platform using Sysdig Secure. Container images that don’t meet the security policies that you define within Sysdig Secure will be stopped, breaking the build pipeline before being pushed to your production Docker registry.
In today’s rapidly changing world, software products need to be upgraded frequently and quickly to bring value to customers and users. Software features are continuously developed, tested, deployed, and operated in the production environment. New features are not only developed and tested successfully, but they also deployed and operated without much chaos and disruption.
Continuous Integration and continuous delivery (CI/CD) is a complex part of any development cycle. It involves continuously integrating code into a shared repository to keep code progression amongst a team of developers running smooth and steady. This helps prevent merging errors, duplicated efforts and promoting collaboration to create a better product. That code is then thoroughly and continuously tested to keep problems from arising.
Continuous integration and continuous deployment (CI/CD) has enabled teams to build and deploy software at a much faster pace. DevOps teams can build, test, and deploy changes to production in a matter of minutes, allowing for extremely rapid release cycles. However, a CI/CD pipeline has a lot of moving parts and steps where problems to occur. In order to ensure a successful deployment, it’s important to monitor each step in this process.
In 2019, one part of a successful development team is having a solid CI/CD pipeline. Now, every pipeline will have a unique set of outcomes and needs—which means that you’ll need a strong set of tools to help you accomplish your goals. This blog post will help identify some of the tools out there that can help you make your pipeline great. These tools range from the familiar Jenkins and its newer predecessor Jenkins X to security tools like Twistlock.