Security-specific tools are often overlooked until they become a requirement, necessity, or things go terribly wrong. While many organizations will build a security team to address related issues, smaller organizations and individual contributors do not have this option. This talk is divided into two sections. In the first one, Anais will share the similarities between climbing and the importance of establishing a security-centric mindset. What happens if we do not have security specialists supporting our team? Free-climbing might be an option for experts with years of experience but not for most cluster admins. The second part will go over security-specific tools in the cloud-native ecosystem. A live demo will focus on Trivy, an open-source tool with 11k+ stars on GitHub. Anais will showcase how we can get started and the benefits of integrating cloud-native security tools, such as Trivy, into our existing processes and monitoring stack.
