利用 Amazon ECR 保障和优化您的软件供应链.pdf

《利用 Amazon ECR 保障和优化您的软件供应链.pdf》由会员分享，可在线阅读，更多相关《利用 Amazon ECR 保障和优化您的软件供应链.pdf（20页珍藏版）》请在三个皮匠报告上搜索。

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.C N S-3 3 2Securing and optimizing your software supply chain with Amazon ECRMeg Sarros(she/her)Senior Product Manager,ECRAmazon Web ServicesAlex Waddell(he/him)Sr.E

2、MEA Security Solutions ArchitectAmazon Web Services 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.What is Container Supply Chain Security?Source CodeRepositoryImageRegistryDeployProtectDetectRespond 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Whats the pro

3、blem?49%Keeping up with emerging threats35%Secure deployment issues40%Security issues happen in cloud infra&servicesCNCF 202423%happen in application runtime 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Log4j Mo

4、nthly Central Downloads2.3.1+2.12.1+2.15.02.16.02.17.0+2.18.02.19.02.20.0Other versionJanuary 22MarchMayJulySeptemberNovemberJanuary 23MarchJulySeptemberNovemberJanuary 2MarchMayMay15,000,00010,000,0005,000,0000Central DownloadsA story of failure30%of log4j downloads arestill vulnerable6Source:https

5、:/ 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.DevelopBuildDeployRunProcesses 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Container supply chain architecture 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AWS CloudCommitPublic registr

6、yAmazon ECR private registryImage pullAmazon Elastic Kubernetes Service(EKS)Source Code repoCI/CD pipelineAmazon InspectorSlimDeploy/GitOpsBuildScan SBOMScan SBOMMap deployed containers to vulnerable imagesContinuously monitor for zero-day vulnerabilitiesAmazon GuardDutyAWS Security HubCloudWatchClo