Sysdig Integration with Backstage

Builders are steadily tasked with working with a number of instruments within the cloud-native period. Every of those instruments performs an important function within the software life cycle, from improvement to deployment and operations. Nonetheless, the sheer selection and variety of those instruments can improve the chance of errors or the unintended inclusion of essential vulnerabilities and misconfigurations.

To deal with this downside Backstage offered a complete developer portal that gives an built-in perspective on all software program sources, documentation, and instruments. It’s a one-stop-shop that helps builders handle, monitor, and doc your entire software program improvement lifecycle (SDLC). In 2023, the Cloud Native Computing Basis (CNCF) declared Backstage because the third most quickly increasing challenge of the 12 months.

Backstage as its personal, already stands out as a strong useful resource for builders and DevOps groups. Nonetheless, its utility is enormously enhanced when built-in with Sysdig, which layers further real-time insights into lively vulnerabilities, misconfigurations, and runtime behaviors.

By embedding Sysdig’s safety insights straight inside Backstage, builders acquire rapid visibility into safety considerations, considerably accelerating the time to detect and reply to points. This integration aligns with the cloud-native ethos of agility and effectivity, bringing essential safety data to the forefront of the event course of.

As we delve deeper into the advantages and workings of the Sysdig-Backstage integration, we’ll discover: 

  • How the combination accelerates situation detection by consolidating all related data in a single place.
  • How runtime insights can help builders in prioritizing susceptible packages which might be presently in use. 
  • How builders can acquire complete visibility into the whole software program improvement lifecycle (SDLC) utilizing runtime insights.
  • How this integration streamlines the method of vulnerability administration, facilitating collaboration between builders and safety groups.
  • How the combination empowers builders to take proactive accountability for software safety, minimizing the necessity for safety operations (SecOps) groups to intervene in figuring out and speaking vulnerabilities for remediation.

Let’s get began!

Backstage and Sysdig: Pillars of Trendy Growth

Backstage has emerged as a developer portal, providing a one-stop-shop for builders to entry instruments, companies, and knowledge essential to their every day duties. It was created at Spotify, after which donated to the CNCF

Earlier than Backstage, builders have been pressured to make use of many various instruments from code repositories, steady integration and supply (CI/CD) pipelines, monitoring and observability platforms, to safety scanning and compliance instruments.

The sheer quantity and number of these instruments complicate the event panorama and result in advanced, steadily handbook processes. This complexity heightens the chance of errors or oversights, considerably growing the probabilities that vulnerabilities or misconfigurations may inadvertently make their approach into manufacturing.

Backstage introduces a single-pane-of-glass that aggregates data and controls from numerous instruments. Nonetheless, the deep safety facet at construct, deploy, and runtime is important to boost its energy.

Sysdig’s Cloud Native Software Safety Platform (CNAPP) is designed to scale back the time it takes to detect and examine dangers, and reply to incidents. By integrating Sysdig with Backstage, builders can acquire entry to Sysdig’s insights on vulnerabilities, misconfigurations, and runtime behaviors straight inside their main workspace. This makes it simpler for builders to establish and deal with potential points of their functions earlier within the devops cycle.  

Sysdig integration backstage

The combination of Sysdig with Backstage considerably enhances this ecosystem by bringing visibility into software habits, safety vulnerabilities, and potential misconfigurations on to the forefront of the developer workspace.  Enriching Backstage with Sysdig’s run-time insights improves developer effectivity by permitting them to establish and remediate the very best precedence points whereas avoiding the necessity for a number of instruments, logins, and context adjustments which reduces the probabilities of errors or vulnerabilities being missed.

Sysdig integration backstage

Integrating Sysdig with Backstage 

Sysdig launched an official plugin for backstage. The plugin interacts with the Backstage backend and frontend by means of APIs which leverages annotations within the ‘catalog-info.yaml’ information of elements.

APIs: Sysdig plugin extends Backstage’s backend by way of APIs to carry out numerous operations, corresponding to fetching vulnerability scan outcomes from sysdig backend.

Annotation: Annotations are a key idea within the Backstage Catalog, used to connect metadata to entities outlined in ‘catalog-info.yaml’ information, corresponding to hyperlinks to documentation, system dependencies, and integration factors with instruments like Jenkins for CI/CD, or Sysdig for safety insights.

To put in the Sysdig plugin, please comply with the steps on this GitHub web page.  

Instance Workflow

A service is registered within the Backstage Catalog with a catalog-info.yaml file, which incorporates annotations linking to its supply code repository and different integrations. 

Including service to backstage 

Right here is an instance of a ‘catalog-info.yaml’ for a service referred to as “sock-shop-cart”. It’s linked to the supply code on GitHub repository utilizing annotation “github.com/project-slug”.

apiVersion: backstage.io/v1alpha1
form: Element
metadata:
  title: sock-shop-cart
  annotations:
    github.com/project-slug: JosephYostos/secure-inline-scan-examples
spec:
  kind: service
  lifecycle: experimental
  system: sock-shop
  proprietor: visitorsCode language: Perl (perl)

As soon as the service is added to the catalog, the sock-shop-cart might be managed from Backstage.

Sysdig integration backstage

Scanning Pictures with GitHub Actions and Sysdig 

Sysdig and Backstage additionally combine with Github Actions. Each time a commit adjustments to the code, a pipeline motion might be triggered. And the picture will then be scanned for vulnerabilities and misconfigurations by Sysdig to make sure its safety earlier than being pushed to the registry or rejected if it doesn’t move the predefined safety coverage. You’ll be able to learn extra about Sysdig and GitHub Actions integration right here.

Sysdig integration backstage

Pipeline scan 

Now, after the adjustments have been dedicated and the pipeline workflow outcomes verified, the scanning outcomes have to be checked. To facilitate this, the next annotation is added to the service.

  sysdigcloud.com/image-freetext: docker.io/josephyostos/testactionsCode language: Perl (perl)

sysdigcloud.com/image-freetext” is a free textual content question that can be utilized to seek for something within the pipeline scan outcomes. Within the given instance, the registry and picture title are outlined to acquire the picture scan outcomes for vulnerabilities and misconfigurations that has been performed through the picture construct time.

Sysdig integration backstage

Runtime Insights

As builders now grow to be chargeable for the total software lifecycle, it turned crucial to pay attention to vulnerabilities at runtime and likewise what susceptible packages are in-use. For this objective, the next annotation can be utilized to fetch the runtime scan outcomes of the sock-shop-cart software.

    sysdigcloud.com/kubernetes-namespace-name: sock-shop
    sysdigcloud.com/kubernetes-workload-name: sock-shop-carts
    sysdigcloud.com/kubernetes-workload-type: deploymentCode language: Perl (perl)

In-use data helps builders prioritize fixes for packages which might be truly loaded in reminiscence and pose a excessive threat.

Sysdig integration backstage

Safe extra

Sysdig gives curated annotations permitting builders detailed views into the potential dangers related to their present construct. For instance, along with what we’ve talked about, software house owners can fetch registry scanning outcomes, compliance studies, and extra.

All of the obtainable annotations from Sysdig can be found on this supply file

Right here is an instance of how the ‘catalog-info.yaml’ will appear like on the finish.

apiVersion: backstage.io/v1alpha1
form: Element
metadata:
  title: sock-shop-cart
  annotations:
    github.com/project-slug: JosephYostos/secure-inline-scan-examples
    sysdigcloud.com/image-freetext: docker.io/josephyostos/testactions
    
    
    sysdigcloud.com/kubernetes-namespace-name: sock-shop
    sysdigcloud.com/kubernetes-workload-name: sock-shop-carts
    sysdigcloud.com/kubernetes-workload-type: deployment
    
    sysdigcloud.com/registry-vendor: harbor
    sysdigcloud.com/registry-name: registry-harbor-registry.registry.svc.cluster.native:5443
    
    sysdigcloud.com/resource-name: sock-shop-carts

spec:
  kind: service
  lifecycle: experimental
  system: sock-shop
  proprietor: visitorsCode language: Perl (perl)

Conclusion

The combination of Sysdig with Backstage marks a pivotal development within the cloud-native improvement panorama. With this integration, software program builders now have a centralized hub to handle, observe, and defend their functions. By making important safety data readily accessible, it empowers builders to proactively handle software safety, lowering the dependency on Safety Operations groups to establish and relay vulnerabilities for decision.

Consequently, this integration not solely enhances developer effectivity but in addition accelerates the identification and mitigation of potential points, reinforcing a tradition of safety and agility in cloud-native software improvement.

Recent articles

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...

Hackers Use Pretend PoCs on GitHub to Steal WordPress Credentials, AWS Keys

SUMMARY Pretend PoCs on GitHub: Cybercriminals used trojanized proof-of-concept (PoC)...

LEAVE A REPLY

Please enter your comment!
Please enter your name here