GAMA, D. A.; http://lattes.cnpq.br/3089077590829616; GAMA, Diego Alves.
Abstract:
Most applications will exhibit vulnerabilities that impact their availability, integrity, or confidentiality during their life cycle. Yet the leading cause of such vulnerabilities is not the application itself but its dependencies. Continuous compliance processes often perform vulnerability assessment to prevent compliance breaches during a CI/CD pipeline. However, current proposals do not extend beyond the pipeline and thus do not take into account incident response when dynamic aspects change, such as newly found vulnerabilities in deployed applications. In this work, we leverage Zero Trust to continuously assess vulnerability compliance and isolate workloads that do not conform to a minimum vulnerability posture. Our approach builds on top of SPIRE, a selective identity provider, and integrates incident response triggered by such dynamic aspects into continuous compliance.
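The compliance gate sketched above, as an added example that is not the thesis's or SPIRE's own code: scanner findings for each workload are checked against a minimum vulnerability posture, and a workload that fails the check loses its SPIRE registration entry so it can no longer renew its identity. The posture thresholds, entry IDs and scan results are constructed assumptions; only the `spire-server entry delete -entryID` command is SPIRE's real CLI.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability a scanner reported against a workload's dependencies."""
    cve: str
    severity: str  # LOW, MEDIUM, HIGH or CRITICAL
    cvss: float


@dataclass(frozen=True)
class Posture:
    """Minimum vulnerability posture. Thresholds are assumed policy, not from the thesis."""
    max_critical: int = 0
    max_high: int = 2
    max_cvss: float = 9.0


def evaluate(findings, posture=Posture()):
    """Return (compliant, reasons); each breached rule yields one human-readable reason."""
    crit = sum(1 for f in findings if f.severity == "CRITICAL")
    high = sum(1 for f in findings if f.severity == "HIGH")
    worst = max((f.cvss for f in findings), default=0.0)
    reasons = []
    if crit > posture.max_critical:
        reasons.append(f"{crit} CRITICAL findings (max {posture.max_critical})")
    if high > posture.max_high:
        reasons.append(f"{high} HIGH findings (max {posture.max_high})")
    if worst > posture.max_cvss:
        reasons.append(f"highest CVSS {worst} exceeds {posture.max_cvss}")
    return (not reasons, reasons)


def reconcile(workloads, posture=Posture()):
    """Map each non-compliant workload's SPIRE entry ID to the isolation action it needs.

    workloads: {entry_id: [Finding, ...]}. Deleting the registration entry is the assumed
    isolation mechanism: without it the workload cannot obtain or renew an SVID.
    """
    actions = {}
    for entry_id, findings in workloads.items():
        compliant, reasons = evaluate(findings, posture)
        if not compliant:
            actions[entry_id] = {
                "command": f"spire-server entry delete -entryID {entry_id}",
                "reasons": reasons,
            }
    return actions


# Constructed sample scan results keyed by made-up SPIRE entry IDs; CVE IDs are placeholders.
SAMPLE = {
    "entry-payments": [Finding("CVE-0000-0001", "CRITICAL", 9.8), Finding("CVE-0000-0002", "HIGH", 7.5)],
    "entry-frontend": [Finding("CVE-0000-0003", "HIGH", 7.5), Finding("CVE-0000-0004", "MEDIUM", 5.3)],
}

if __name__ == "__main__":
    for entry, action in reconcile(SAMPLE).items():
        print(entry, "->", action["command"], "|", "; ".join(action["reasons"]))
```

Running the block prints one isolation action for `entry-payments` and none for `entry-frontend`, which stays within the assumed posture.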