Security as Code: A DevSecOps Approach (Nancy Gariché)
Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.
In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.
Video: Security as Code: A DevSecOps Approach (Nancy Gariché), from the Skills Matter channel