DevConf.US 2021

Red Hat's CRDA platform in a partnership with world's security leader Snyk, have moved 1 step ahead with the complete dependency scan option available in the jenkins in the form of a plugin. This helps to scan all the dependencies available in the user's stack and give important information about the vulnerabilities associated with it, the popularity of the dependency, the licensing compatibility and much more. Via this session, first, i would like to focus on the major problems that the developers face on a day to day development cycle. Secondly i would like to talk about the probable solutions and then i would like to educate the listeners on how simple it is to use the redhat product and help in order to keep their dependency stack secure and updated. I would also talk in details about the CRDA Platform, which provides you the details about all the vulnerabilities ( powered by Snyk ) associated to the direct packages as well as the transitive packages, the popularity and the updates on the packages, the license compatibility between the packages and finally about the companions

How to leverage Ansible Security Automation if you are a Dev or a SecOps: Introducing automation into your security practices is easy, but planning is required to ensure to implement it in production and at scale. Learn how to architect your Security Automation practice with Ansible, future-proofing its usage to speed up threat analysis and perform remediation's. Top security vendors refine their security solutions incessantly. A wave of new security startups emerges every year. Venture capital firms and end-user organizations invest more money than ever on potential game-changing security players. Nonetheless, the CISOs capability to defend IT infrastructures keeps deteriorating. Why? The lack of integration is a key reason for the inefficiency of existing security solutions, and an opportunity to rethink how IT security works. In this session you will see how Ansible can be used to solve these challenges and be the lingua franca of IT security.

IPsec is a network protocol that provides confidentiality, integrity and authentication between peers. OVN Kubernetes is a networking plugin for Kubernetes. Can we bring them together to bring secure network communication to Kubernetes? Yes we can! This talk will discuss the changes that were made in OpenShift 4.7 to introduce the ability to enable IPsec between nodes in the cluster. It will discuss the motivation, the high level architecture of the changes, how it can be configured and what the future may hold!

Hybrid Public Key Encryption is an encryption scheme under development using both asymmetric and symmetric encryption. The scheme is a promising component for TLS Encrypted Client Hello (ECHO), Messaging Layer Security (MLS) and Oblivious HTTP (OHTTP). The presentation will cover the technical aspects of the scheme and how to use the library implementation. Further information will be presented on possible usages of the scheme.

"Confidential computing" is a set of technologies such as memory or CPU state encryption that are intended to restrict access to the data in a virtual machine to its legitimate users, to the exclusion of even the physical host or the hypervisor running the virtual machine. "Confidential containers" is the application of such technologies to protect the data in containers. This matters for use cases where the "tenant" running the workloads has legal or business reasons to want the data being processed to be hidden from the infrastructure it is running on. This has a number of complicated implications in an ecosystem like Kubernetes or OpenShift. Using the Kata Containers runtime as an example, we will notably explore the various APIs used to create, start, monitor or debug containers. They no longer all belong to the same security realm, and some presently present architectural security risks as a result. We will discuss various solutions that are being considered to address this problem, taking into account existing practice, compatibility considerations, as well as the prospect of offering a real value proposition with solid security in the long term.