From the course: Microservices Security Workshop: From Build to Production
Solution: Run and fix a container scan
(upbeat music) - [Instructor] Now let's talk about why it is so complicated to fix things. You can notice that there are a ton of vulnerabilities here, from the library it says the installed versions, and first of all, there are a lot of libraries that don't have a fixed version. This is why one of the most important things you can do is think about: is there even a fix available? Because if I send this as a ticket to a developer and there's not even a fix for them to use, there's nothing they can really do about it. Second, there's this status column. This shows the acknowledgement from the upstream maintainer: hey, this has been affected, we're not going to fix this, and so on. There are a few other statuses as well that you can take a look at. And this is an indication that, hey, if they're not going to fix it, then you know that is a risk that the organization will have to accept. Usually when vendors choose not to fix something, it's because there's not much of an actual risk to it.…