Datadog Report Examines DevSecOps Best Practices

By

Learn how to mitigate common risks.

The recently released State of DevSecOps report from Datadog analyzed thousands of applications and container images to “evaluate the adoption of best practices that are at the core of DevSecOps — infrastructure as code, automated cloud deployments, secure application development practices, and the usage of short-lived credentials in CI/CD pipelines.”

Key takeaways from the report include:

  • 90 percent of Java services are vulnerable to one or more critical or high-severity vulnerabilities introduced by a third-party library, versus an average of 47% for other technologies.
  • The smaller a container image is, the fewer vulnerabilities it is likely to have. According to the report, container images smaller than 100 MB had 4.4 high or critical vulnerabilities, versus 42.2 for images between 250 and 500 MB, and almost 80 for larger images.
  • Leaks of long-lived credentials are a common cause of data breaches, making the use of short-lived credentials for CI/CD pipelines critical to securing a cloud environment. However, the report states that “a substantial number of organizations continue to rely on long-lived credentials in their AWS environments.”

See more information at Datadog.
 
 
 

 
 
 

05/09/2024
automation , cloud , containers , data , development , DevSecOps , vulnerabilities

Related content

  • News for Admins
    In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
    more »
  • Photo by Félix Prado on Unsplash
    Build a secure development and production pipeline
    We investigate best practices to secure CI/CD pipelines with DevSecOps.
    more »
  • Lead Image © Aleksey Mnogosmyslov, 123RF.com
    DevSecOps with DefectDojo
    The DefectDojo vulnerability management tool helps development teams and admins identify, track, and fix vulnerabilities early in the software development process.
    more »
  • © bluebay, 123RF.com
    Throw Down the Gauntlet
    Gauntlt is a sophisticated DevOps tool that can test the security of your continuous integration/continuous delivery pipeline.
    more »
  • Lead Image © bluebay, 123RF.com
    Security as Code
    Gauntlt is a sophisticated DevOps tool that can test the security of your continuous integration/continuous delivery pipeline.
    more »
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=