AWS DevOps Blog

Tag: Security

Manage application security and compliance with the AWS Cloud Development Kit and cdk-nag

Infrastructure as Code (IaC) is an important part of Cloud Applications. Developers rely on various Static Application Security Testing (SAST) tools to identify security/compliance issues and mitigate these issues early on, before releasing their applications to production. Additionally, SAST tools often provide reporting mechanisms that can help developers verify compliance during security reviews. cdk-nag integrates […]

Read More
Code Guru

Detect Python and Java code security vulnerabilities with Amazon CodeGuru Reviewer

with Aaron Friedman (Principal PM-T for xGuru services) Amazon CodeGuru is a developer tool that uses machine learning and automated reasoning to catch hard to find defects and security vulnerabilities in application code. The purpose of this blog is to show how new CodeGuru Reviewer features help improve the security posture of your Python applications […]

Read More
Containers devsecops pipeline architecture

Building an end-to-end Kubernetes-based DevSecOps software factory on AWS

DevSecOps software factory implementation can significantly vary depending on the application, infrastructure, architecture, and the services and tools used. In a previous post, I provided an end-to-end DevSecOps pipeline for a three-tier web application deployed with AWS Elastic Beanstalk. The pipeline used cloud-native services along with a few open-source security tools. This solution is similar, […]

Read More
The 3 hexagons of the well architected logo appear to the right of the words AWS Well-Architected.

Choosing a Well-Architected CI/CD approach: Open-source software and AWS Services

Take a Well-Architected approach to make an informed decision when choosing to implement CI/CD using open-source tools on AWS services, using managed AWS services, or a combination of both.

We will look at key considerations for evaluating open-source software and AWS Services using the perspectives of a startup company, and a mature company, as examples. These will give you two very different points of view that you can use to compare to your own organization. To make this investigation easier we will use Continuous Integration (CI) and Continuous Delivery (CD) capabilities as the target of our investigation.

In our next two blog posts we will follow two AWS customers Iponweb and BigHat Biosciences as they share their CI/CD journeys, their perspective, the decisions they made, and why.

To end the series, we will explore an example reference architecture showing the benefits AWS provides regardless of your emphasis on open source tools or managed AWS services.

Read More
continuous compliance workflow

Continuous Compliance Workflow for Infrastructure as Code: Part 1

Security and compliance standards are of paramount importance for organizations in many industries. There is a growing need to seamlessly integrate these standards in an application release cycle. From a DevOps standpoint, an application can be subject to these standards during two phases: Pre-deployment – Standards are enforced in an application deployment pipeline prior to […]

Read More

Tightening application security with Amazon CodeGuru

Amazon CodeGuru is a developer tool that provides intelligent recommendations for improving code quality and identifies an application’s most expensive lines of code. To help you find and remediate potential security issues in your code, Amazon CodeGuru Reviewer now includes an expanded set of security detectors.  In this post, we discuss the new types of […]

Read More

Securing Amazon EKS workloads with Atlassian Bitbucket and Snyk

This post was contributed by James Bland, Sr. Partner Solutions Architect, AWS, Jay Yeras, Head of Cloud and Cloud Native Solution Architecture, Snyk, and Venkat Subramanian, Group Product Manager, Bitbucket   One of our goals at Atlassian is to make the software delivery and development process easier. This post explains how you can set up […]

Read More

Identifying and resolving security code vulnerabilities using Snyk in AWS CI/CD Pipeline

The majority of companies have embraced open-source software (OSS) at an accelerated rate even when building proprietary applications. Some of the obvious benefits for this shift include transparency, cost, flexibility, and a faster time to market. Snyk’s unique combination of developer-first tooling and best in class security depth enables businesses to easily build security into […]

Read More