Using SBOMs and Cilium in legacy and cloud native applications to trace down vulnerabilities
Esra Siegert
Sebastian Graf
16:00 - 16:45
Uptown
Over the last years and months, supply chain security has become crucial. In the cloud-native ecosystem, reacting to vulnerabilities is a challenge, but one supported by tools from the vibrant ecosystem: we have the mechanisms at hand to know exactly which software we are using and how to react to upcoming vulnerabilities. Our approach goes one step further: based on existing and well-established cloud-native tools, we developed a framework that traces network traffic between services and enriches these traces with SBOM information. The approach is extended to also generate insights from static legacy infrastructure. The resulting traces provide a holistic view of entire architectures, from pods in Kubernetes clusters to legacy JEE applications. Security incidents caused by upcoming vulnerabilities can thereby also be handled by our architecture. In the future, we will extend this approach so that platforms gain more than transparency across the legacy and cloud worlds: Network Policies in Cilium will also enable platform owners to automatically handle compromised network traffic.