Building a practical DevSecOps pipeline for free

Jeff Williams - CTO Contrast Security - Speaker DevSecOps Conference
11 Sep 2018
15:10 - 15:50
Guastavino Room

Building a practical DevSecOps pipeline for free

DevSecOps isn’t just smearing traditional security lipstick on DevOps. Terms like “shift left” and “security as code” are great in concept, but there is very little practical guidance on how to achieve them. In this talk, we’ll break down the core DevSecOps cycle (Analyze, Secure, Verify, Defend) and explore a number of additional practices. Then we’ll build and demonstrate an effective, scalable DevSecOps pipeline using *free* tools. We’ll use interactive testing tools to detect vulnerabilities and deliver them to developers in real time through the tools they are already using. We’ll also set up runtime protection to prevent exploits and and enable application visibility in the SOC. We’ll extend our pipeline to include notification and protection for open source security. Anyone building software can adopt this blueprint and adapt it to the way that they build software.

Get ticket

This website uses cookies to ensure you get the best experience on our website More info

The cookie settings on this website are set to "Got it!" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close