# What you'll learn

After watching this video, you will be able to: 
* Describe threat monitoring. 
* Explain repository scanning. 
* Explain container scanning. 

# What is threat monitoring?

Threat monitoring is scanning code repositories and containers to find security issues. 

Password mishandling, protocol insecurities, and incorrect permissions are examples of issues that you can discover with threat monitoring.

# Where does threat monitoring belong in the software development lifecycle (or SDLC)?

![image.png](attachment:cba486e3-c018-4cfc-883b-bb53a0a60d16.png)

* You integrate threat monitoring in three stages of the SDLC.
* It takes place during the Develop stage, the Test stage, and the Deploy stage.
* Using code scanning in integrated development environments (or IDEs) and source control management (or SCM) tools supports the SDLC by integrating security checks from development to deployment.
* Code scanning tools reference databases that store known security threats and vulnerabilities, such as the Open Web Application Security Project (or OWASP) Top 10.

# Code Checking

* To perform threat monitoring, you can use code checker tools.
* A code checker scans source code for any security issues and vulnerabilities, which will alert you to coding problems.
* Code checkers analyze code to find issues in attributes like coding syntax, style, and documentation.
* Code checkers provide insights into where to fix issues in the code.
* So, using a code checker helps you develop secure code and improve quality in your application.
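As an added example (not code from the course or from any particular scanner), the following minimal code checker shows the kind of rule-based scan described above. It looks for the three issue types named earlier on this page (password mishandling, an insecure protocol, and incorrect permissions) and reports the line where each one occurs. The rule set, the `Finding` type and the sample source are assumptions constructed for this illustration; a real checker uses a much larger rule database and understands the language's syntax rather than matching regular expressions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    """One issue reported by the checker: where it is and what rule fired."""
    line: int
    rule: str
    message: str


# Constructed rule set: (rule id, pattern, message). A production checker
# loads rules from a vulnerability database instead of hard-coding them.
RULES = [
    ("hardcoded-password",
     re.compile(r"""(?i)(password|passwd|pwd)\s*=\s*["'][^"']+["']"""),
     "credential assigned from a string literal; load it from a secret store"),
    ("insecure-protocol",
     re.compile(r"""["'](http|ftp)://""", re.IGNORECASE),
     "plaintext protocol URL; use https:// or an encrypted transport"),
    ("world-writable-permission",
     re.compile(r"""\bchmod\([^,]+,\s*0o?777\)"""),
     "world-writable permission; grant only the permissions needed"),
]


def check_source(source: str) -> List[Finding]:
    """Scan source text line by line and return every rule match."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue  # comments are not executable; skip them to avoid noise
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, rule_id, message))
    return findings


# Constructed sample input containing one instance of each issue.
SAMPLE = '''\
import os
API_URL = "http://api.example.test/v1"
DB_PASSWORD = "hunter2"
def save(path):
    os.chmod(path, 0o777)
# password = "this is only a comment and is ignored"
'''

if __name__ == "__main__":
    for finding in check_source(SAMPLE):
        print(f"line {finding.line}: [{finding.rule}] {finding.message}")
```

Run against the sample, the checker reports the insecure URL on line 2, the hardcoded credential on line 3 and the world-writable permission on line 5; the commented-out password on line 6 is not reported. This is the same kind of per-line, per-rule report that an IDE plugin or SCM scanner surfaces, which is why the output carries the line number: it tells you where in the code to apply the fix.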

# Scanning Repositories

* You can integrate threat monitoring into your code repositories.
* Because repositories are often collaborative and open source, they carry a significant risk of security threats and vulnerabilities.
* Integrating threat monitoring with code repositories enables code scanning of source code management tools such as GitHub.
* You can leverage code project monitoring that can generate automatic “fix” pull requests while scanning code repositories.
* Code scanners provide vulnerability reporting and insights after they scan code in your repositories.
* They also scan and test every pull request for security vulnerabilities.
* They can also require that commits be signed with a public-key encryption key, such as a Pretty Good Privacy (PGP) key, as verification that the code comes from a trusted source.

# Scanning Containers

* Another type of threat monitoring is container scanning, which is the process of scanning container images that contain code.
* Containers are packages of application code and their packaged library dependencies.
* Because containers have dependencies, they are exposed to security vulnerabilities from external sources.
* Container scanning scans code deployed to containers, which may contain vulnerabilities and security threats.
* Because container images are usually built from other container images that may have vulnerabilities, container scanning must include not only the base image but all the other layered container images as well.
* Monitoring all container images helps reduce security risks.
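The point above, that a container scan must cover every image an image is built from and not just the final one, is easy to see in a multi-stage Dockerfile. The following added example (not code from the course or from any container scanner) parses the `FROM` lines of a Dockerfile, separates external base images from references to earlier build stages, and flags images that are unpinned (no tag or digest) because their contents can change between scans. The parsing helper, the `ImageRef` type and the sample Dockerfile are assumptions constructed for this illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class ImageRef(NamedTuple):
    """An external image a Dockerfile pulls, plus the stage alias if any."""
    stage: Optional[str]
    image: str
    tag: str
    pinned_digest: bool


# Matches "FROM [--platform=...] <image> [AS <alias>]" (case-insensitive).
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$",
    re.IGNORECASE,
)


def parse_image(ref: str) -> Tuple[str, str, bool]:
    """Split an image reference into (name, tag, pinned_by_digest)."""
    if "@" in ref:
        name, _digest = ref.split("@", 1)
        return name, "<digest>", True  # pinned to an immutable content hash
    # A ':' in the last path component is a tag; a ':' earlier is a
    # registry port (registry.example.test:5000/app), not a tag.
    if ":" in ref.rsplit("/", 1)[-1]:
        name, tag = ref.rsplit(":", 1)
        return name, tag, False
    return ref, "latest", False  # Docker's implicit default tag


def base_images(dockerfile: str) -> List[ImageRef]:
    """Return every external image the Dockerfile builds on."""
    stages = set()
    refs = []
    for line in dockerfile.splitlines():
        match = FROM_RE.match(line)
        if not match:
            continue
        ref, alias = match.group(1), match.group(2)
        if alias:
            stages.add(alias)
        if ref in stages:
            continue  # "FROM build" reuses an earlier stage, not a new image
        name, tag, pinned = parse_image(ref)
        refs.append(ImageRef(alias, name, tag, pinned))
    return refs


def unpinned(refs: List[ImageRef]) -> List[ImageRef]:
    """Images with neither an explicit tag nor a digest cannot be re-scanned reliably."""
    return [r for r in refs if r.tag == "latest" and not r.pinned_digest]


# Constructed sample: a multi-stage build with two external images.
SAMPLE_DOCKERFILE = """\
FROM golang:1.21 AS build
WORKDIR /src
COPY . .
RUN go build -o app
FROM build AS test
RUN go test ./...
FROM nginx
COPY --from=build /src/app /usr/bin/app
"""

if __name__ == "__main__":
    refs = base_images(SAMPLE_DOCKERFILE)
    for r in refs:
        print(f"scan {r.image}:{r.tag} (stage={r.stage}, digest-pinned={r.pinned_digest})")
    for r in unpinned(refs):
        print(f"warning: {r.image} is unpinned; pin a tag or digest so scans are repeatable")
```

For the sample, the scan list is `golang:1.21` and `nginx`; the `FROM build AS test` line is recognised as reuse of the first stage rather than a third image to pull. `nginx` is reported as unpinned, because without a tag or digest the image that a scanner examined today may not be the image that is deployed tomorrow.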

# Summary

In this video, you learned that: 
* Threat monitoring is scanning code repositories and containers to find security issues. 
* Threat monitoring occurs in the Develop, Test, and Deploy stages of the SDLC. 
* A code checker scans source code for security issues. 
* Integrating threat monitoring with repositories enables code scanning with SCM tools.