8.1 Shift Left Security
Shift left security is the practice of moving security testing and controls to the earlier stages of the software development lifecycle (SDLC).
8.2 Container Security
Container security covers securing container images and runtime environments. Tools such as Trivy and Clair scan images for vulnerabilities.
8.3 IAM & Least Privilege
Identity and Access Management (IAM) is a framework of policies and technologies for ensuring that the right users have the appropriate access to technology resources. The principle of least privilege states that a user should be given the minimum level of access (permissions) needed to perform their job functions.
8.4 Secrets Management
Secrets management is the practice of managing sensitive information such as passwords, API keys, and certificates. Tools include HashiCorp Vault and AWS Secrets Manager.
🎯 Practical Exercise
Integrate a container image vulnerability scanner (like Trivy) into a CI/CD pipeline.
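One way to do the gating step of this exercise, as an added example that is not part of the original course material: the CI job runs `trivy image --format json --output report.json <image>` and then this script, which fails the build on HIGH or CRITICAL findings that have a fix available. The severity policy, the accepted-ID allowlist and the sample report (placeholder image, packages and CVE-0000-* IDs) are assumptions made for illustration.

```python
import json
import sys

# Policy assumption for this example: these severities fail the build.
BLOCKING = {"HIGH", "CRITICAL"}

# Constructed sample shaped like `trivy image --format json` output; names and IDs are placeholders.
SAMPLE_REPORT = json.loads("""
{"Results": [
  {"Target": "example/app:1.0 (debian 12)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
     "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
     "InstalledVersion": "2.0", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
     "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "LOW"}]},
  {"Target": "app/requirements.txt"}
]}
""")

def blocking_findings(report, accepted=frozenset(), require_fix=True):
    """Return (target, id, package, fixed_version) tuples that fail the gate."""
    hits = []
    for result in report.get("Results") or []:
        # Targets with no findings carry no "Vulnerabilities" key.
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in BLOCKING:
                continue
            if vuln.get("VulnerabilityID") in accepted:
                continue  # risk explicitly accepted by the team
            if require_fix and not vuln.get("FixedVersion"):
                continue  # nothing to upgrade to yet; report, don't block
            hits.append((result.get("Target"), vuln.get("VulnerabilityID"),
                         vuln.get("PkgName"), vuln.get("FixedVersion")))
    return hits

def main(argv):
    """Exit status 1 fails the CI job; with no path the sample is used."""
    report = SAMPLE_REPORT
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    hits = blocking_findings(report)
    for target, vuln_id, pkg, fixed in hits:
        print(f"BLOCK {vuln_id} {pkg} in {target}: upgrade to {fixed}")
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the pipeline step after the scan, passing the report path as the only argument; a non-zero exit status stops the pipeline before the image is pushed.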