Quick Clip: Deepfactor Runtime Security Alerts for DevOps Teams


In the runtime, we’ve also, we talked earlier about development specific alerts that are generated. We talked about network based alerts that are generated. There’s also some stuff from a DevOps perspective. So here we can see that there’s risky environment variables that are being exposed as part of the container. So again, this is bad. So if this container were to get compromised, the environment variable would contain information such as the Postgres password, public key pass for things like S3 buckets, et cetera. So again, we want to make sure that we’re providing full visibility to both the developer, as well as the DevOps team, and then we provide a resolution. So, for example, ensure that all these variables are stored in a vault.