Securing The DevOps Pipeline

Modern application development revolves around DevOps workflows in which development teams continually churn out new application features, automate unit and functional testing of applications, and deploy to production in the shortest time frame possible. The newer technologies that enable this level of automation and speed create new risks for organizations practicing DevOps. This talk will review the overall DevOps workflow: developers creating application code and the risks around source code repositories; automating the building and testing of the application from code using continuous integration tools such as Jenkins; assessing applications for vulnerabilities, malware, and software composition early in the development lifecycle, when it is cheaper to fix; and the new infrastructure running container applications, such as registries and container orchestration tools, and the risks involved with running this infrastructure. The key to DevOps is automation, and building security into everything becomes critical.

Presenter: James Smith