Understanding continuous security concepts
One of the key approaches to emerge out of DevOps is the idea of immutable infrastructure. It means that every time there needs to be a runtime change, either in application code or configuration, the containers are built and deployed again and the existing running ones are torn down.
Since that allows for predictability, resilience, and simplifies deployment choices at runtime, it is no surprise that many operations teams are moving toward it. With that comes the question of when these containers should be tested for security and compliance. By embracing the process of continuous security scanning and monitoring, as discussed in this chapter, you can automate for a variety of workloads and workflows.