Securing 4 C's of a Software Product - AWS Edition

Practical Product Security by @salecharohit

Start Securing your Software Product 🔒

The 4 C's of a Software Product 🤩

Code

Integrate static application security testing (SAST) and secrets scanning into the CI/CD pipeline using open-source tools such as Semgrep, OWASP Dependency-Check, and Gitleaks, driven by GitHub Actions.

Container

Set up AWS ECR and an IAM role for service-account access via OIDC, apply Dockerfile security best practices and validate them with Semgrep, then build and scan hardened Docker images with Trivy in GitHub Actions.

Cluster

Enforce Kubernetes RBAC for secure access, manage and encrypt secrets using AWS Secrets Manager and KMS, implement runtime security with Kyverno, and restrict pod communications using network security policies with Calico.

Cloud

Enforce encryption and permissions with SCPs, implement Terraform runtime security with OPA, configure AWS Organization with dev, prod, and identity accounts, set up IAM roles with MFA, enable cross-account access, and create a multi-account CI/CD pipeline in GitHub Actions using OIDC.