SlideShare ist ein Scribd-Unternehmen logo

Scale DevSecOps with your Continuous Integration Pipeline

DevOps.com
DevOps.com

Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide: An overview of Veracode Greenlight and its integrations with developer tools; A summary of recent Greenlight use cases and successes; Examples of how Greenlight integrates into your CI pipeline

Technologie
1 von 36
Downloaden Sie, um offline zu lesen
© 2019 VERACODE INC.1 © 2019 VERACODE INC. Scale DevSecOps with your Continuous Integration Pipeline Presented by DevOps.com and Veracode
© 2019 VERACODE INC.2 Today’s Presenters Janet Worthington Principal Product Manager Vineeta Puranik Vice President of Engineering and Operations
© 2019 VERACODE INC.3 Audience Poll What is your role on the team? • Developer • Developer in Test • Security • DevOps • Manager
© 2019 VERACODE INC.4 What is Dev(Sec)Ops? • “DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.” • “DevOps is also characterized by operations staff using many of the same techniques as developers for their systems work.” Source : ‘What Is DevOps?’ 2010. The Agile Admin. August 2. https://theagileadmin.com/what-is-devops/
© 2019 VERACODE INC.5 DevSecOps: Shift in culture Dev Sec Ops Work in small batches Automate when possible Security controls: automate Trust: Safe to fail Fast delivery to customers Collaborate Feedback Learn
© 2019 VERACODE INC.6 Metrics to measure Source: DORA: 2018 State of DevOps Report
© 2019 VERACODE INC.7 DevOps allows teams to deploy code daily/hourly, reduce lead time for changes, reduce time to restore service and minimize the impact of new changes on production. Source: DORA: 2018 State of DevOps Report
© 2019 VERACODE INC.8 Work Flow cycle: Agile Development Team • Dev, QA, IT, Ops, UX, Security – cross functional teams collaborate to achieve common organizational goal • Less friction, more velocity – Work flows smoothly through entire value stream to customer • Plan, code, Test – Agile – Modular – Automate • Small continuous deploys • Infrastructure as code Recommended book DevOps Handbook by Gene Kim
© 2019 VERACODE INC.9 Software Deployment CICD • Promote code early and often Test early and often, including security issues • Continuous integration, builds, and tests • Fast and reliable automation test suites • Package once, deploy anywhere • Canary or blue green deployments
© 2019 VERACODE INC.10 Software Availability: Operations • Monitoring- server, app performance • Continuous Feedback, Learning • Experiment: Fail fast; learn fast • Testing Operations Security – everyone’s job everyday • Increased awareness of production issues
© 2019 VERACODE INC.11 DevSecOps Best Practices Source: Veracode: The Developer’s Guide to the DevSecOps Galaxy
© 2019 VERACODE INC.12 Benefits of DevSecOps for Developers Source: Stripe: The Developer Coefficient, Sept 2018 Source: Puppet: 2016 State of DevOps Report
© 2019 VERACODE INC.13 Source: Veracode: State of Software Security Volume 9
© 2019 VERACODE INC.14 Security Throughout The Lifecycle Static Policy Speed & Prevention Coverage & Remediation Is the Application Secure? Is My Code Secure? Is Our Combined Code Secure? Static SandboxGreenlight JAVA JAVA
© 2019 VERACODE INC.15 Greenlight Helps developers answer the question – “Is my code good?” Continuous Flaw Feedback Fast, Early, Focused scans of code that a developer is currently working on Secure Coding Education Remediation guidance provided directly to the Developer to assist with quick fixes  Reduce the number of flaws entered into downstream activities  Maintain development velocity  Improve adoption with tools that work the way developers expect them to
© 2019 VERACODE INC.16 Greenlight Where You Want It IDE Build CI RAD
© 2019 VERACODE INC.17 Code Code Continuous Testing Pipeline Functional Tests / Integration Tests / Performance Tests + Static Sandbox DevSecOps: Scan Early, Scan Often Continuous Integration Pipeline Build / Unit Test / Code Quality / Code Review + Greenlight API Continuous Delivery Pipeline Stage/ UAT/ Final Validation / Deploy + Static Policy Continuous Development Code / Compile / Debug / Unit Test / Commit + Greenlight IDE
© 2019 VERACODE INC.18 CI CD Workflow Example
© 2019 VERACODE INC.19 Continuous Integration Pipelines
© 2019 VERACODE INC.20 Dev Env: Write, Commit and Push
© 2019 VERACODE INC.21 Feature Branch Pipeline: Failed scan new/changed files Greenlight
© 2019 VERACODE INC.22 Greenlight Scan: Summary Results
© 2019 VERACODE INC.23 Greenlight JSON Results Archive Greenlight results JSON file with scan details is archived to: gl-scanner-java_<projectref-commithash>_greenlight-results.zip
© 2019 VERACODE INC.24 Dev Env: Fix, Commit and Push
© 2019 VERACODE INC.25 Feature Branch Pipeline: Success Greenlight scan new/changed files
© 2019 VERACODE INC.26 Feature Branch: Merge Request
© 2019 VERACODE INC.27 Feature Branch: Merge Approval
© 2019 VERACODE INC.28 Continuous Integration Succeeds, Continuous Test Triggered Tag for Release
© 2019 VERACODE INC.29 Continuous Test Succeeds & Continuous Delivery Triggered Veracode Static Scan Project Deploy
© 2019 VERACODE INC.30 Pipeline Configuration Code .gitlab-ci.yml Greenlight CI Tool
© 2019 VERACODE INC.31 DevSecOps Examples
© 2019 VERACODE INC.32 Veracode integrated into pipeline. Greenlight stage runs after Code Quality testing. Veracode Static Scan is run on a nightly scheduled pipeline. Example#1: Veracode in CI/CD Pipeline
© 2019 VERACODE INC.33 Veracode integrated into pipeline. The Veracode stage executes Greenlight on feature or dev branch. On a master branch, the Veracode Stage uploads the whole application to Static. Example#2: Veracode in CI/CD Pipeline
© 2019 VERACODE INC.34
© 2019 VERACODE INC.35 DevSecOps Resources Kim, Gene, Patrick Debois, and John Willis. 2016. The Devops Handbook: How to Create World- Class Agility, Reliability, and Security in Technology Organizations Veracode Helps Developers Find Security Flaws Faster Using AWS. 2017. AWS. https://aws.amazon.com/sol utions/case- studies/veracode/ State of Software Security. Volume 9. Veracode. https://www.veracode.com /state-of-software-security- report The Developers Guide To The DevSecOps Galaxy. 2017. Veracode. https://info.veracode.com /guide-developers-to- devsecops-galaxy.html ‘2018 Accelerate: State of DevOps Report’. 2018. Dora. https://cloudplatformonline. com/rs/248-TPC- 286/images/DORA- State%20of%20DevOps.pdf
© 2019 VERACODE INC.36 Thank You

Empfohlen

DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftDevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftAmazon Web Services
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.Vitaly Balashov
 
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline DevOps.com
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 

Empfohlen

DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftDevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftAmazon Web Services
 
Dev secops. Real experience.
Dev secops. Real experience.Dev secops. Real experience.
Dev secops. Real experience.Vitaly Balashov
 
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline DevOps.com
 
Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & Security Microsoft DevOps Forum 2021 – DevOps & Security
Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOpsUchit Vyas ☁
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
DevSecOps for the DoD
DevSecOps for the DoDDevSecOps for the DoD
DevSecOps for the DoDJamesHarmison
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaMohammed A. Imran
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secopsMohammed Ahmed
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOpsDevOps Indonesia
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemWhiteSource
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsTushar Gupta
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOpsMichelangelo van Dam
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
Enterprise DevOps Series: Using VS Code & Zowe
Enterprise DevOps Series: Using VS Code & ZoweEnterprise DevOps Series: Using VS Code & Zowe
Enterprise DevOps Series: Using VS Code & ZoweDevOps.com
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveColin Domoney
 

Weitere ähnliche Inhalte

Was ist angesagt?

Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
DevSecOps for the DoD
DevSecOps for the DoDDevSecOps for the DoD
DevSecOps for the DoDJamesHarmison
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaMohammed A. Imran
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceTej Luthra
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secopsMohammed Ahmed
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemWhiteSource
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingAarno Aukia
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsTushar Gupta
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 

Was ist angesagt? (20)

Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
DevSecOps for the DoD
DevSecOps for the DoDDevSecOps for the DoD
DevSecOps for the DoD
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramAppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
 
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation GuidanceSecure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
 
10 things to get right for successful dev secops
10 things to get right for successful dev secops10 things to get right for successful dev secops
10 things to get right for successful dev secops
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
 
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome ThemBarriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOpsAutomating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOps
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 

Ähnlich wie Scale DevSecOps with your Continuous Integration Pipeline

Enterprise DevOps Series: Using VS Code & Zowe
Enterprise DevOps Series: Using VS Code & ZoweEnterprise DevOps Series: Using VS Code & Zowe
Enterprise DevOps Series: Using VS Code & ZoweDevOps.com
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveColin Domoney
 
Testing 12-Factor Apps
Testing 12-Factor AppsTesting 12-Factor Apps
Testing 12-Factor AppsPhillip Marlow
 
Deploy Code into Production Faster on Kubernetes
Deploy Code into Production Faster on KubernetesDeploy Code into Production Faster on Kubernetes
Deploy Code into Production Faster on KubernetesVMware Tanzu
 
DevOps: Security's Big Opportunity
DevOps: Security's Big OpportunityDevOps: Security's Big Opportunity
DevOps: Security's Big OpportunityTimothy Jarrett
 
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS User Group - Thailand
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveColin Domoney
 
Your Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOpsYour Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOpsDevOps.com
 
Integrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD PipelineIntegrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD PipelineDevOps Indonesia
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXNGINX, Inc.
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through EducationGrant Ongers
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishVMware Tanzu
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVMware Tanzu
 
CA - Entrega Continua
CA - Entrega ContinuaCA - Entrega Continua
CA - Entrega ContinuaSoftware Guru
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesDevOps.com
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesDeborah Schalm
 
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!DevOps.com
 
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOpsIBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOpsSanjeev Sharma
 
Full Spectrum Engineering – The New Full-stack
Full Spectrum Engineering – The New Full-stack Full Spectrum Engineering – The New Full-stack
Full Spectrum Engineering – The New Full-stack Deborah Schalm
 

Ähnlich wie Scale DevSecOps with your Continuous Integration Pipeline (20)

Enterprise DevOps Series: Using VS Code & Zowe
Enterprise DevOps Series: Using VS Code & ZoweEnterprise DevOps Series: Using VS Code & Zowe
Enterprise DevOps Series: Using VS Code & Zowe
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspective
 
Testing 12-Factor Apps
Testing 12-Factor AppsTesting 12-Factor Apps
Testing 12-Factor Apps
 
Deploy Code into Production Faster on Kubernetes
Deploy Code into Production Faster on KubernetesDeploy Code into Production Faster on Kubernetes
Deploy Code into Production Faster on Kubernetes
 
DevOps: Security's Big Opportunity
DevOps: Security's Big OpportunityDevOps: Security's Big Opportunity
DevOps: Security's Big Opportunity
 
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
 
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveHow to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspective
 
Your Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOpsYour Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOps
 
Integrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD PipelineIntegrate Security and Compliance into your CI/CD Pipeline
Integrate Security and Compliance into your CI/CD Pipeline
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
Scaling AppSec through Education
Scaling AppSec through EducationScaling AppSec through Education
Scaling AppSec through Education
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
 
CA - Entrega Continua
CA - Entrega ContinuaCA - Entrega Continua
CA - Entrega Continua
 
Upmc tpdev5
Upmc tpdev5Upmc tpdev5
Upmc tpdev5
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
 
Scale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBeesScale Continuous Deployment to Production with DeployHub and CloudBees
Scale Continuous Deployment to Production with DeployHub and CloudBees
 
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
 
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOpsIBM Pulse session 2727: Continuous delivery -accelerated with DevOps
IBM Pulse session 2727: Continuous delivery -accelerated with DevOps
 
Full Spectrum Engineering – The New Full-stack
Full Spectrum Engineering – The New Full-stack Full Spectrum Engineering – The New Full-stack
Full Spectrum Engineering – The New Full-stack
 

Mehr von DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
 

Mehr von DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareModernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source Software
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
 
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykNext Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and Snyk
 
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudVulnerability Discovery in the Cloud
Vulnerability Discovery in the Cloud
 
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and Predictions
 
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionA New Year’s Ransomware Resolution
A New Year’s Ransomware Resolution
 
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
 
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDon't Panic! Effective Incident Response
Don't Panic! Effective Incident Response
 
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureCreating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
 
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportRole Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
 
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogMonitoring Serverless Applications with Datadog
Monitoring Serverless Applications with Datadog
 
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDeliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or Privately
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureHow to Build a Healthy On-Call Culture
How to Build a Healthy On-Call Culture
 
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021
 
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?
 
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsSecure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift Environments
 
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
 
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
 

Kürzlich hochgeladen

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Kürzlich hochgeladen (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Scale DevSecOps with your Continuous Integration Pipeline

  • 1. © 2019 VERACODE INC.1 © 2019 VERACODE INC. Scale DevSecOps with your Continuous Integration Pipeline Presented by DevOps.com and Veracode
  • 2. © 2019 VERACODE INC.2 Today’s Presenters Janet Worthington Principal Product Manager Vineeta Puranik Vice President of Engineering and Operations
  • 3. © 2019 VERACODE INC.3 Audience Poll What is your role on the team? • Developer • Developer in Test • Security • DevOps • Manager
  • 4. © 2019 VERACODE INC.4 What is Dev(Sec)Ops? • “DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.” • “DevOps is also characterized by operations staff using many of the same techniques as developers for their systems work.” Source : ‘What Is DevOps?’ 2010. The Agile Admin. August 2. https://theagileadmin.com/what-is-devops/
  • 5. © 2019 VERACODE INC.5 DevSecOps: Shift in culture Dev Sec Ops Work in small batches Automate when possible Security controls: automate Trust: Safe to fail Fast delivery to customers Collaborate Feedback Learn
  • 6. © 2019 VERACODE INC.6 Metrics to measure Source: DORA: 2018 State of DevOps Report
  • 7. © 2019 VERACODE INC.7 DevOps allows teams to deploy code daily/hourly, reduce lead time for changes, reduce time to restore service and minimize the impact of new changes on production. Source: DORA: 2018 State of DevOps Report
  • 8. © 2019 VERACODE INC.8 Work Flow cycle: Agile Development Team • Dev, QA, IT, Ops, UX, Security – cross functional teams collaborate to achieve common organizational goal • Less friction, more velocity – Work flows smoothly through entire value stream to customer • Plan, code, Test – Agile – Modular – Automate • Small continuous deploys • Infrastructure as code Recommended book DevOps Handbook by Gene Kim
  • 9. © 2019 VERACODE INC.9 Software Deployment CICD • Promote code early and often Test early and often, including security issues • Continuous integration, builds, and tests • Fast and reliable automation test suites • Package once, deploy anywhere • Canary or blue green deployments
  • 10. © 2019 VERACODE INC.10 Software Availability: Operations • Monitoring- server, app performance • Continuous Feedback, Learning • Experiment: Fail fast; learn fast • Testing Operations Security – everyone’s job everyday • Increased awareness of production issues
  • 11. © 2019 VERACODE INC.11 DevSecOps Best Practices Source: Veracode: The Developer’s Guide to the DevSecOps Galaxy
  • 12. © 2019 VERACODE INC.12 Benefits of DevSecOps for Developers Source: Stripe: The Developer Coefficient, Sept 2018 Source: Puppet: 2016 State of DevOps Report
  • 13. © 2019 VERACODE INC.13 Source: Veracode: State of Software Security Volume 9
  • 14. © 2019 VERACODE INC.14 Security Throughout The Lifecycle Static Policy Speed & Prevention Coverage & Remediation Is the Application Secure? Is My Code Secure? Is Our Combined Code Secure? Static SandboxGreenlight JAVA JAVA
  • 15. © 2019 VERACODE INC.15 Greenlight Helps developers answer the question – “Is my code good?” Continuous Flaw Feedback Fast, Early, Focused scans of code that a developer is currently working on Secure Coding Education Remediation guidance provided directly to the Developer to assist with quick fixes  Reduce the number of flaws entered into downstream activities  Maintain development velocity  Improve adoption with tools that work the way developers expect them to
  • 16. © 2019 VERACODE INC.16 Greenlight Where You Want It IDE Build CI RAD
  • 17. © 2019 VERACODE INC.17 Code Code Continuous Testing Pipeline Functional Tests / Integration Tests / Performance Tests + Static Sandbox DevSecOps: Scan Early, Scan Often Continuous Integration Pipeline Build / Unit Test / Code Quality / Code Review + Greenlight API Continuous Delivery Pipeline Stage/ UAT/ Final Validation / Deploy + Static Policy Continuous Development Code / Compile / Debug / Unit Test / Commit + Greenlight IDE
  • 18. © 2019 VERACODE INC.18 CI CD Workflow Example
  • 19. © 2019 VERACODE INC.19 Continuous Integration Pipelines
  • 20. © 2019 VERACODE INC.20 Dev Env: Write, Commit and Push
  • 21. © 2019 VERACODE INC.21 Feature Branch Pipeline: Failed scan new/changed files Greenlight
  • 22. © 2019 VERACODE INC.22 Greenlight Scan: Summary Results
  • 23. © 2019 VERACODE INC.23 Greenlight JSON Results Archive Greenlight results JSON file with scan details is archived to: gl-scanner-java_<projectref-commithash>_greenlight-results.zip
  • 24. © 2019 VERACODE INC.24 Dev Env: Fix, Commit and Push
  • 25. © 2019 VERACODE INC.25 Feature Branch Pipeline: Success Greenlight scan new/changed files
  • 26. © 2019 VERACODE INC.26 Feature Branch: Merge Request
  • 27. © 2019 VERACODE INC.27 Feature Branch: Merge Approval
  • 28. © 2019 VERACODE INC.28 Continuous Integration Succeeds, Continuous Test Triggered Tag for Release
  • 29. © 2019 VERACODE INC.29 Continuous Test Succeeds & Continuous Delivery Triggered Veracode Static Scan Project Deploy
  • 30. © 2019 VERACODE INC.30 Pipeline Configuration Code .gitlab-ci.yml Greenlight CI Tool
  • 31. © 2019 VERACODE INC.31 DevSecOps Examples
  • 32. © 2019 VERACODE INC.32 Veracode integrated into pipeline. Greenlight stage runs after Code Quality testing. Veracode Static Scan is run on a nightly scheduled pipeline. Example#1: Veracode in CI/CD Pipeline
  • 33. © 2019 VERACODE INC.33 Veracode integrated into pipeline. The Veracode stage executes Greenlight on feature or dev branch. On a master branch, the Veracode Stage uploads the whole application to Static. Example#2: Veracode in CI/CD Pipeline
  • 35. © 2019 VERACODE INC.35 DevSecOps Resources Kim, Gene, Patrick Debois, and John Willis. 2016. The Devops Handbook: How to Create World- Class Agility, Reliability, and Security in Technology Organizations Veracode Helps Developers Find Security Flaws Faster Using AWS. 2017. AWS. https://aws.amazon.com/sol utions/case- studies/veracode/ State of Software Security. Volume 9. Veracode. https://www.veracode.com /state-of-software-security- report The Developers Guide To The DevSecOps Galaxy. 2017. Veracode. https://info.veracode.com /guide-developers-to- devsecops-galaxy.html ‘2018 Accelerate: State of DevOps Report’. 2018. Dora. https://cloudplatformonline. com/rs/248-TPC- 286/images/DORA- State%20of%20DevOps.pdf
  • 36. © 2019 VERACODE INC.36 Thank You