Catching security vulnerabilities when they are running in production is too late. In this talk, we'll look at how you can proactively detect and fix security issues across the entire software development lifecycle (SDLC) of your cloud-native application - from writing the Dockerfile to running in your Kubernetes cluster.

Using open source scanners such as Trivy and Opengrep we will explore how you can scan your Dockerfiles, application code, images, Kubernetes manifests, and workloads running in your cluster to see if whether they contain vulnerabilities or adhere to best practices.

Whether you’re a developer, SRE, or security engineer, this session will provide you with tactics to shift security left.