Navigating Cloud Security and Automation with Eficode

Published on January 18, 2024
Author: Andrew Martin
Andy Martin joined Marc and Darren on the DevOps Sauna podcast to discuss the challenges of securing Kubernetes at different user levels and the constantly evolving security practices within the DevOps ecosystem.
They explored cloud and container security, supply chain security, cloud configuration management, and the critical role of relentless security automation in DevSecOps. The conversation also covered the integration of development teams with security operations to ‘shift left’ and embed security practices into CI/CD pipelines, alongside the future of human and AI security integration. Topics covered in the episode:
- ControlPlane: Cloud Native security and automation approaches
- DevSecOps and automation scripting with OSCAL
- Security automation scripting and YARA rules
- Preventative pipeline controls, runtime controls, and remediation with AI integration
- The challenges of cloud agnosticism with Terraform
- Dynamic system acceptance testing and AI-driven security measures
- Outsmarting the average SBOM
- Challenges posed by SBOMs in accurately detecting dependencies due to version pinning and dependency blindness
- Different standards like CycloneDX and SPDX for SBOMs, capturing various levels of dependencies and vulnerabilities
The full transcript is available on the Eficode website, where you can also listen to the episode.