Untitled
unknown
plain_text
a year ago
3.2 kB
14
Indexable
Artefact Scanning AWS: 1. Amazon ECR (Elastic Container Registry) with Image Scanning: Automatically scans container images for vulnerabilities. 2. Amazon Inspector: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS by scanning EC2 instances. 3. AWS CodePipeline with integrated security tools: Ensures continuous integration and delivery pipelines include security checks. GitLab: 1. GitLab Container Scanning: Scans Docker images for known vulnerabilities. 2. GitLab Dependency Scanning: Detects vulnerabilities in your project dependencies. 3. GitLab SAST (Static Application Security Testing): Analyzes source code to find security vulnerabilities. 4. GitLab DAST (Dynamic Application Security Testing): Scans running web applications for vulnerabilities. 5. GitLab API Fuzzing: Tests APIs for security vulnerabilities by fuzzing. Cloud Configuration AWS: 1. AWS CloudFormation: Manages and provisions AWS infrastructure using code. 2. AWS Config: Continuously monitors and records your AWS resource configurations and helps you automate the evaluation of recorded configurations against desired configurations. 3. AWS Security Hub: Provides a comprehensive view of your security state within AWS and helps you check your compliance with security standards. 4. AWS Artifact: Provides on-demand access to AWS’s security and compliance reports and select online agreements. 5. AWS Organizations: Central management and governance of your AWS environment. GitLab: 1. GitLab CI/CD: Integrates security and compliance checks into your continuous integration and delivery pipelines. 2. GitLab Compliance Dashboard: Monitors and enforces compliance policies across your GitLab projects. 3. GitLab Infrastructure as Code (IaC) Scanning: Integrates IaC security scans into your CI/CD pipeline using tools like Terrascan or Checkov. 4. GitLab Audit Events: Tracks changes and activities within GitLab for compliance and security purposes. Runtime Protection AWS: 1. Amazon GuardDuty: Provides intelligent threat detection and continuous monitoring. 2. AWS Shield: Managed DDoS protection for your AWS applications. 3. AWS WAF (Web Application Firewall): Helps protect your web applications and APIs from common web exploits. 4. AWS Systems Manager: Provides operational insights and security for your applications. 5. AWS CloudTrail: Logs and monitors activity in your AWS account. 6. AWS Detective: Analyzes, investigates, and quickly identifies the root cause of potential security issues or suspicious activities. 7. AWS IAM (Identity and Access Management): Manages access to AWS services and resources securely. 8. AWS KMS (Key Management Service): Manages encryption keys used to encrypt your data. GitLab: 1. GitLab Security Alerts: Notifies and tracks vulnerabilities found in your projects. 2. GitLab Role-Based Access Control (RBAC): Manages permissions and access controls within your GitLab projects. 3. GitLab Secrets Management: Securely manages and injects secrets into your CI/CD jobs. 4. GitLab Data Masking: Redacts sensitive information from job logs to prevent exposure of sensitive data.
Editor is loading...
Leave a Comment