Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines.
When developing golden Amazon Machine Images (AMIs), DevOps teams should run continuous and automated checks to eliminate vulnerabilities and misconfigurations in them. It’s a critical security and compliance practice that Qualys recommends its customers adopt.
To that end, Qualys partnered with Amazon to integrate the AWS Golden Amazon Machine Image Pipeline reference architecture with Qualys scanners for vulnerability and configuration compliance assessment.
The result: Qualys has just published a GitHub repository and documentation for implementing Qualys scanning of instances in a golden AMI pipeline. This will help customers detect and fix critical vulnerabilities and compliance issues in the image creation pipeline, before they reach production environments.