2024 Cloud Native Security Report
How Organizations Are Addressing Security for Cloud Native Application Development

Stephen Hendrick, The Linux Foundation
Adrienn Lawson, The Linux Foundation
Jeffrey Sica, The Linux Foundation
Foreword by Eddie Knight, Sonatype

October 2024

Copyright 2024 The Linux Foundation | October 2024. This report is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International Public License

49% of organizations use CI/CD security testing on every update.
The #1 security assessment growth area: vulnerability scanning and remediation.
of respondents report that manual code reviews are either extremely important or important.
67% of respondents use CNCF webinars/workshops & conferences to stay informed about cloud native security tools & updates.
65% of respondents rely on CNCF best practices to make progress in securing their cloud native applications.
51% of organizations use manual code reviews to assess security on every update.
40% of organizations experience cloud infrastructure and services security incidents.
76% of organizations report much or nearly all their application development is cloud native.
84% of organizations report their cloud native applications are more secure than they were two years ago.
63% of organizations are using static application security testing (SAST) tools.
The #1 challenge in securing cloud native applications: the complexity of software and infrastructure.
The #1 vendor challenge in securing cloud native applications: keeping up with emerging threats.
84%

Vulnerability scanning, automated security testing, and CI/CD security are a fast path to improved security.
Verification of the leading cloud native security strategies.
Webinars and conferences are the primary sources for staying informed about CNCF