Continuous OpenAPI Security Tests on K8s with Testkube and ZAP

DevSecCon Lightning, Dezember 2022 (Mario-Leander Reimer) Slides ansehen. Aufzeichnung ansehen.

Continuous delivery is everywhere. Really?! Many teams still struggle to deliver well-tested and secure product increments on a regular basis. Usually with the same old excuse: the (non)-functional tests are too complex and too expensive to implement thoroughly. But exactly the opposite is the case!

In this talk, we briefly review the importance of early and regular testing of cloud-native applications and explain why monolithic CI pipelines are a dead end. We then show how easy it is to run security tests continuously and event-triggered using ZAP and Testkube directly on your Kubernetes cluster against your microservice OpenAPIs, fully integrated with a GitOps approach.