
Scale DevSecOps with your Continuous Integration Pipeline


Hear from AppSec and Development leaders on how they apply the principles of DevOps to deliver secure products and services to customers. Learn how you can scale your DevSecOps initiatives to reduce time-to-deployment and lower costs as you deliver secure software. During this webinar, you will learn about the latest tools and techniques that will enable your development teams to embed security scanning into your IDE as you are coding, returning most scans in seconds – all while integrating into your CI pipeline. Our speaker will provide:

An overview of Veracode Greenlight and its integrations with developer tools;
A summary of recent Greenlight use cases and successes;
Examples of how Greenlight integrates into your CI pipeline


Scale DevSecOps with your Continuous Integration Pipeline

  1. © 2019 VERACODE INC. Scale DevSecOps with your Continuous Integration Pipeline. Presented by DevOps.com and Veracode
  2. Today's Presenters • Janet Worthington, Principal Product Manager • Vineeta Puranik, Vice President of Engineering and Operations
  3. Audience Poll: What is your role on the team? • Developer • Developer in Test • Security • DevOps • Manager
  4. What is Dev(Sec)Ops? • "DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support." • "DevOps is also characterized by operations staff using many of the same techniques as developers for their systems work." Source: 'What Is DevOps?', The Agile Admin, 2 August 2010, https://theagileadmin.com/what-is-devops/
  5. DevSecOps: Shift in culture • Dev, Sec, Ops • Work in small batches • Automate when possible • Security controls: automate • Trust: safe to fail • Fast delivery to customers • Collaborate • Feedback • Learn
  6. Metrics to measure (chart; source: DORA, 2018 State of DevOps Report)
  7. DevOps allows teams to deploy code daily or hourly, reduce lead time for changes, reduce time to restore service, and minimize the impact of new changes on production. Source: DORA, 2018 State of DevOps Report
  8. Work Flow Cycle: Agile Development Team • Dev, QA, IT, Ops, UX, Security: cross-functional teams collaborate to achieve a common organizational goal • Less friction, more velocity: work flows smoothly through the entire value stream to the customer • Plan, code, test: Agile, modular, automated • Small continuous deploys • Infrastructure as code. Recommended book: The DevOps Handbook by Gene Kim
  9. Software Deployment: CI/CD • Promote code early and often • Test early and often, including for security issues • Continuous integration, builds, and tests • Fast and reliable automated test suites • Package once, deploy anywhere • Canary or blue/green deployments
  10. Software Availability: Operations • Monitoring: server and application performance • Continuous feedback and learning • Experiment: fail fast, learn fast • Testing operations • Security: everyone's job, every day • Increased awareness of production issues
  11. DevSecOps Best Practices (source: Veracode, The Developer's Guide to the DevSecOps Galaxy)
  12. Benefits of DevSecOps for Developers (sources: Stripe, The Developer Coefficient, Sept 2018; Puppet, 2016 State of DevOps Report)
  13. (chart; source: Veracode, State of Software Security Volume 9)
  14. Security Throughout the Lifecycle: three scan types on a spectrum from speed & prevention to coverage & remediation • Greenlight: "Is my code secure?" • Static Sandbox: "Is our combined code secure?" • Static Policy: "Is the application secure?" (Java shown as the example language)
  15. Greenlight helps developers answer the question "Is my code good?" • Continuous flaw feedback: fast, early, focused scans of the code a developer is currently working on • Secure coding education: remediation guidance provided directly to the developer to assist with quick fixes • Reduce the number of flaws entering downstream activities • Maintain development velocity • Improve adoption with tools that work the way developers expect them to
  16. Greenlight Where You Want It: IDE • Build • CI • RAD
  17. DevSecOps: Scan Early, Scan Often • Continuous Development: Code / Compile / Debug / Unit Test / Commit + Greenlight IDE • Continuous Integration Pipeline: Build / Unit Test / Code Quality / Code Review + Greenlight API • Continuous Testing Pipeline: Functional Tests / Integration Tests / Performance Tests + Static Sandbox • Continuous Delivery Pipeline: Stage / UAT / Final Validation / Deploy + Static Policy
  18. CI/CD Workflow Example
  19. Continuous Integration Pipelines
  20. Dev Env: Write, Commit and Push
  21. Feature Branch Pipeline: Failed. Greenlight scan of new/changed files
  22. Greenlight Scan: Summary Results
  23. Greenlight JSON Results Archive: the Greenlight results JSON file with scan details is archived to gl-scanner-java_<projectref-commithash>_greenlight-results.zip
  24. Dev Env: Fix, Commit and Push
  25. Feature Branch Pipeline: Success. Greenlight scan of new/changed files
  26. Feature Branch: Merge Request
  27. Feature Branch: Merge Approval
  28. Continuous Integration Succeeds, Continuous Test Triggered: tag for release
  29. Continuous Test Succeeds & Continuous Delivery Triggered: Veracode Static Scan, project deploy
  30. Pipeline Configuration Code: .gitlab-ci.yml with the Greenlight CI Tool
  31. DevSecOps Examples
  32. Example #1: Veracode in CI/CD Pipeline. Veracode integrated into the pipeline: the Greenlight stage runs after Code Quality testing; the Veracode Static Scan runs on a nightly scheduled pipeline.
  33. Example #2: Veracode in CI/CD Pipeline. Veracode integrated into the pipeline: the Veracode stage executes Greenlight on a feature or dev branch; on the master branch, the Veracode stage uploads the whole application to Static.
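The two examples above describe the same branching logic from different angles: a fast Greenlight scan of only the changed sources as a merge gate on feature branches, and a full-application Static (policy) upload on the default branch and on a nightly schedule. The following .gitlab-ci.yml is an added example written to show how that logic is expressed in GitLab CI; it is not the configuration shown on slide 30. The GitLab keywords, predefined variables and git commands are real; the two wrapper scripts (ci/greenlight-scan.sh, ci/static-upload.sh), the variable VERACODE_APP_NAME, the Maven image choice and the artifact naming are assumptions, since the deck does not show the scanner's command line.

```yaml
# .gitlab-ci.yml -- added example modelled on Example #1 and Example #2 above;
# not the deck's own file. The two ./ci/*.sh scripts are hypothetical wrappers
# you supply around the Veracode tooling; everything else is standard GitLab CI.
stages:
  - build
  - code_quality
  - veracode

variables:
  # Disable the shallow clone so a feature branch can be diffed against the
  # default branch to find the new/changed files (slides 21 and 25).
  GIT_DEPTH: "0"

build:
  stage: build
  image: maven:3-openjdk-11          # assumed build image
  script:
    - mvn -B -q package -DskipTests
  artifacts:
    paths:
      - target/*.jar
    expire_in: 1 day

code_quality:
  stage: code_quality
  image: maven:3-openjdk-11
  script:
    - mvn -B -q verify

# Example #2: Greenlight runs only on non-default (feature/dev) branches.
# Example #1: it runs after the Code Quality stage. A finding fails the job,
# which blocks the merge request; the results archive is kept for the developer.
greenlight:
  stage: veracode
  image: maven:3-openjdk-11
  needs: ["code_quality"]
  rules:
    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
  script:
    # Fetch the default branch explicitly, then list Java sources that differ
    # from the merge base ("..." = changes since the branches diverged).
    - git fetch --quiet origin "+refs/heads/$CI_DEFAULT_BRANCH:refs/remotes/origin/$CI_DEFAULT_BRANCH"
    - git diff --name-only "origin/$CI_DEFAULT_BRANCH...HEAD" -- '*.java' > changed-files.txt
    - |
      if [ ! -s changed-files.txt ]; then
        echo "No Java sources changed; nothing for Greenlight to scan."
        exit 0
      fi
    # Hypothetical wrapper: reads the file list, authenticates with the masked
    # CI variables VERACODE_API_ID / VERACODE_API_KEY (never echoed, never in
    # the repo), writes results.json and exits non-zero when flaws are found.
    - ./ci/greenlight-scan.sh --files changed-files.txt --out results.json
  artifacts:
    when: always                      # keep results on failure too
    # GitLab zips artifacts itself; this mirrors the archive name on slide 23.
    name: "gl-scanner-java_${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}_greenlight-results"
    paths:
      - results.json
    expire_in: 1 week
  allow_failure: false                # findings block the merge request

# Example #2: the whole application goes to Static on the default branch.
# Example #1: the same scan also runs from a nightly pipeline schedule.
# Policy scans take longer, so they do not gate the feature-branch loop.
static_policy_scan:
  stage: veracode
  image: maven:3-openjdk-11
  needs: ["build"]
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_PIPELINE_SOURCE == "schedule"
  script:
    # Hypothetical wrapper around the upload; the build artifact comes from
    # the build job via needs, and the version is tied to the commit.
    - ./ci/static-upload.sh --artifact target/*.jar --app "$VERACODE_APP_NAME" --version "$CI_COMMIT_SHORT_SHA"
```

Two operational notes that fall out of this layout. First, the Greenlight job is the only one that can fail a developer's pipeline, and it only sees files that changed relative to the default branch, so it stays fast; anything it misses is still caught by the full upload once the merge lands. Second, the API credentials belong in masked and protected CI/CD variables, and the nightly run is created under CI/CD > Schedules, which is what makes $CI_PIPELINE_SOURCE equal "schedule".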
  35. DevSecOps Resources • Kim, Gene, Patrick Debois, and John Willis. 2016. The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations. • Veracode Helps Developers Find Security Flaws Faster Using AWS. 2017. AWS. https://aws.amazon.com/solutions/case-studies/veracode/ • State of Software Security, Volume 9. Veracode. https://www.veracode.com/state-of-software-security-report • The Developer's Guide to the DevSecOps Galaxy. 2017. Veracode. https://info.veracode.com/guide-developers-to-devsecops-galaxy.html • 2018 Accelerate: State of DevOps Report. 2018. DORA. https://cloudplatformonline.com/rs/248-TPC-286/images/DORA-State%20of%20DevOps.pdf
  36. Thank You
