Running Trusted Payloads with Nomad
and Waypoint
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages.
Things like Infrastructure as Code, Service Discovery and Config Management can and have helped us to quickly build and rebuild infrastructure but we haven't nearly spend enough time to train our self to review, monitor and respond to outages.
With the the introduction of CI/CD best practices into our day to day workflows we protect ourselves for introducing "bad" code into
https://events.hashicorp.com/hashitalksdeploy production and exposing flaws to our (end-)users. But what about influences from bad actors in- and out-side our projects. This talk will focuss on the addtional steps we can add to our Waypoint build pipelines to also protect ourselves to so called supply chain attacks while running our jobs in Nomad. We ll discuss scanning for vulnerabilities in incoming code, packages and images and signing the content artifacts we trust before exposing them to our users.
https://events.hashicorp.com/hashitalksdeploy production and exposing flaws to our (end-)users. But what about influences from bad actors in- and out-side our projects. This talk will focuss on the addtional steps we can add to our Waypoint build pipelines to also protect ourselves to so called supply chain attacks while running our jobs in Nomad. We ll discuss scanning for vulnerabilities in incoming code, packages and images and signing the content artifacts we trust before exposing them to our users.