OpenShift Commons Briefing #136: Governance, Containers and Trust with ARRIS and Black Duck/Synopsys
Larry Brigman, Principal Software Engineer with ARRIS Group
Tim Mackey, Technical Evangelist at Black Duck by Synopsys
Host: Diane Mueller, Director, Community Development Red Hat Cloud Platform
Containers have restructured the way we think about our infrastructure, bringing development and operations teams closer together than ever before, and placing applications center stage in the infrastructure environment. Teams are massively scaling containerized deployments with Kubernetes and Kubernetes-based solutions, like Red Hat’s enterprise-grade container orchestration platform, OpenShift Container Platform. But in containerized deployments, because applications sit closer to the infrastructure, without an intervening hypervisor and host OS, application security is more important than ever. In fact, security remains among the most important barriers to container adoption. Issues of Governance, Trust and License Management are top of mind for companies like ARRIS Group with large deployments on OpenShift. Figuring out how to get the licenses of all the code within a container automatically and generate a proper attribution file are non-trivial in the new containerized world order.
Together Tim and Larry will have a conversation about the best practices and address some of these issues and others in this briefing.
Tim Mackey works within the Synopsys Software Integrity Group as a technology evangelist. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms.