From Edge to Cloud: Securing Distributed Containerized Applications

Falcone, Alberto; Benedetti, Giacomo; Guarascio, Massimo; Caviglione, Luca
2025

Abstract

The adoption of containers in complex software systems is rapidly increasing, due to their flexibility that facilitates integration, scalability, and dynamic deployment. However, assessing the security of container-based applications remains challenging in distributed and heterogeneous environments: the scale and diversity of deployment scenarios call for sophisticated security evaluation and verification techniques. In this paper, we present Project SECCO, whose aim is to develop an innovative framework for the systematic integration of security assessment services into the Continuous Integration and Continuous Delivery (CI/CD) DevOps pipeline. The framework orchestrates automatic services to prevent and reduce vulnerabilities in the design, implementation, and deployment phases, and to mitigate runtime attacks. This allows developers and IT operators to focus on integration and delivery, reducing security management tasks. Finally, the paper highlights the main research challenges for realizing this vision.
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
ISBN: 979-8-3315-9547-0
Keywords: Container security; DevSecOps; CI/CD security; Docker
Files in this record:
From_Edge_to_Cloud_Securing_Distributed_Containerized_Applications.pdf (authorized users only)

Type: Publisher's version (PDF)
License: NOT PUBLIC - Private/restricted access
Size: 596.37 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/552897