The customer is a leading SaaS-based application security solution provider.


The client requested the development of a certified CircleCI plugin to scan Infrastructure as Code (IaC) templates and container images during CircleCI pipelines.

Technology Solution

Sacumen developed a certified CircleCI plugin that scans IaC templates and container images. Its purpose is to identify insecure configurations in common Infrastructure-as-Code (IaC) templates, for example AWS CloudFormation templates, Terraform templates and Kubernetes application deployment YAML files, and to identify vulnerabilities in container images.

The plugin was packaged in the CircleCI orb format, with a shell script performing the actual processing.

The plugin makes REST API calls to the platform to run the scan.

When a user creates a custom task to embed this functionality in their CircleCI pipeline, they can specify build or pipeline failure criteria based on the severity of the security issues identified.

Scan results are displayed to the user.
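The severity-based failure criteria described above, as an added example and not Sacumen's orb code: a POSIX shell gate that a pipeline step can run over scan findings and that fails the step when any finding meets the configured threshold. The findings list, the tab-separated line format and the rule identifiers are constructed for the example; in the orb they would come from the platform's REST API.

```shell
#!/bin/sh
# Added example, not Sacumen's orb code: the severity-based failure gate
# that a pipeline step can apply to scan results. In the real orb the
# findings come from the platform's REST API; here a constructed list is
# embedded as tab-separated lines: SEVERITY<TAB>RULE_ID<TAB>RESOURCE.
# Usage: sh gate.sh HIGH   (exit 1 if any finding is HIGH or above)

TAB=$(printf '\t')

# Constructed sample findings (rule ids and resources are illustrative).
SAMPLE_FINDINGS="CRITICAL${TAB}IMG-PKG-0007${TAB}nginx:1.19 (outdated openssl package)
HIGH${TAB}IAC-S3-001${TAB}aws_s3_bucket.logs (public-read ACL)
MEDIUM${TAB}IAC-SG-014${TAB}aws_security_group.web (port 22 open to 0.0.0.0/0)
LOW${TAB}IAC-TAG-002${TAB}aws_instance.app (missing owner tag)"

# Map a severity label to a rank so thresholds can be compared numerically.
severity_rank() {
  case "$1" in
    CRITICAL) echo 4 ;;
    HIGH)     echo 3 ;;
    MEDIUM)   echo 2 ;;
    LOW)      echo 1 ;;
    *)        echo 0 ;;   # unknown labels rank below LOW
  esac
}

# gate_findings THRESHOLD FINDINGS
# Prints a one-line summary on stdout, lists blocking findings on stderr,
# returns 1 (failing the CircleCI step) when any finding is at or above
# THRESHOLD, and returns 2 when THRESHOLD itself is not a known label.
gate_findings() {
  threshold_rank=$(severity_rank "$1")
  [ "$threshold_rank" -gt 0 ] || { echo "unknown threshold: $1" >&2; return 2; }
  total=0
  blocking=0
  while IFS="$TAB" read -r sev rule resource; do
    [ -n "$sev" ] || continue
    total=$((total + 1))
    if [ "$(severity_rank "$sev")" -ge "$threshold_rank" ]; then
      blocking=$((blocking + 1))
      printf 'BLOCKING %s %s %s\n' "$sev" "$rule" "$resource" >&2
    fi
  done <<EOF
$2
EOF
  printf 'findings=%s blocking=%s threshold=%s\n' "$total" "$blocking" "$1"
  [ "$blocking" -eq 0 ]
}

# Run the gate when invoked with a threshold argument.
if [ "$#" -gt 0 ]; then
  gate_findings "$1" "$SAMPLE_FINDINGS"
fi
```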

