Security is often considered a highly complex area that is reserved for the “experts” in the team. While developers and security specialists should each focus on their core area, there is a lot that we can do to shift security left by incorporating security tools and processes into our platform engineering. This can empower developers to take control by learning about misconfigurations and vulnerabilities right when resources are created and resolve issues before they become a liability for the business.
In this talk, Anaïs Urlichs will showcase how we can integrate security scanning tools such as Trivy and Starboard into our platform engineering setup. Ultimately, we want to ensure engineers have further insights into the security of created and deployed resources without having to learn new tools.