The container1 space is fast paced. Releases are quick, architectures are continually integrated, and software versions are regularly pushed. Traditional security practices will not be able to keep up.
This highlights the importance of DevSecOps principles for DevOps teams, as containers overturn more conventions and assume more roles that are critical to organizations. Rapid development cycles may leave little room for security and vulnerability testing and an application may now require an organization to secure hundreds of containers, spread across multiple virtual machines in different cloud service platforms.
Needless to say, organizations will have their hands full with issues in different components of the container architecture, including vulnerabilities in runtimes (e.g. Docker®, CRI-O, Containerd, and runC2 ), orchestrators (e.g. Kubernetes®), and build environments (e.g. Jenkins®). Attackers will find ways to take advantage of any weak link to compromise the DevOps pipeline.
