Sorting through the fluff: Declutter and remediate container vulnerabilities with context

Sorting through the fluff: Declutter and remediate container vulnerabilities with context

Description:

"At Atlassian, 99% of services deployed to production are built on containers. When implementing container scanning company wide for the first time we were faced with tens of thousands of issues being found by Snyk across the organization.

We chose to go against the grain of using CVSS scores exclusively when assigning severity to tickets and instead examined the issues in the context of their target operating systems. By utilizing the distros' relative importance provided by Snyk, we ensured any asks of our engineers were actionable and assigned an appropriate severity level that matched the prioritization needed from them.

Combining this with the process of identifying containers built on "golden" base images or services using common sidecars, we not only ensure developers can focus on issues they actually have control over, but also improve our security posture by keeping these container images and sidecars up to date across all Atlassian services."

Speakers:

Sharada Moorthy

Senior Product Security Engineer, Atlassian

Will Ratner

Senior Product Security Engineer, Atlassian

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo