September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Friday, September 16 • 10:50 - 11:30
Software Supply Chain Aspects in Infrastructure as Code, and How to Secure it - Lior Kaplan, Checkmarx

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
KICS is an Open Source project created to help Keep Infrastructure as Code Secure ( https://kics.io/ ). With today's DevOps best practices, we see a lot of re-use of other IaC snippets and templates (e.g. HELM charts). Which it turn, make IaC to vulnerable to the similar problems as we see in software packages and theirs dependencies. How often do developers or DevOps read the Docker file that just reused, went through the files of the HELM chart they just applied to Kubernetes or made sure they used the official node.js / python container instead of taking the first result available on Docker Hub ? We anticipate that in the future we'll see more and more risks we already know in the software dependency world, applied to the IaC world, which makes the risk be part of a much lower level of your software stack.stack. This session would discuss those risks, and how to leverage IaC scanning to avoid software supply chain problems in your infrastructure.


Lior Kaplan

Open Source Officer, Checkmarx
Lior Kaplan has been part of the Open Source community for more than 20 years with participation in Debian GNU/Linux, LibreOffice & PHP communities. In 2021 he started to lead Checkmarx's Open Source Program Office created to oversee the company's first oss project - KICS, Keep Infrastructure... Read More →

Friday September 16, 2022 10:50 - 11:30 IST
Wicklow Hall 2A (Level 2)
  ContainerCon, Container Images and Registries