Puppetize Digital

Creating a Security Pipeline to cover your ASSets


Software development is being automated and is moving faster every year. Security knows it needs to keep pace, but how? Which factors matter when you think about security tools, the SDLC, pen testing and so on, and how do you scope the work so that security is effectively wrapped into DevOps rather than bolted on afterwards?

The question is especially pressing now that the US Executive Order on improving the nation's cybersecurity demands security testing that will "check for known and potential vulnerabilities… at a minimum prior to product, version, or update release".

This talk and demo show how to combine existing security tools with tools and scripts you have written yourself into a 'security-as-a-service' pipeline that hooks into your existing CI/CD pipeline. The challenge is to do the security testing, result collection, triage and communication before the release, not after it.

We'll cover how to get rid of false positives, how to reduce the number of issues reported by security tools to a manageable level, how to set up your pipeline so that only new and important issues are highlighted, and how to make security issues easier to fix.
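The triage step described above (suppressing reviewed false positives, cutting the noise with a severity threshold, and surfacing only findings that were not already present in the previous release) can be done with a small script between the scanner and the CI gate. The following is an added example written for this page, not code from the talk or from any particular scanner; the finding format, rule names, file paths and the `SUPPRESSIONS` list are all constructed sample data. The key idea is the fingerprint: it deliberately ignores line numbers, so an old finding that moves a few lines down after an unrelated edit is still recognised as known rather than reported as new.

```python
"""Triage scanner findings in CI: drop suppressed false positives, drop noise
below a severity threshold, and report only findings not seen in the baseline.

Added example for illustration; the findings below are constructed sample data
in a simplified JSON shape (rule, severity, file, line, snippet), not the
output of any real scanner.
"""
import hashlib
import json
from typing import Dict, List, Set, Tuple

# Constructed sample: findings recorded at the previous release (the baseline).
BASELINE_JSON = json.dumps([
    {"rule": "py/sql-injection", "severity": "high", "file": "app/db.py",
     "line": 42, "snippet": "cursor.execute(q % user)"},
    {"rule": "py/weak-hash", "severity": "medium", "file": "app/auth.py",
     "line": 17, "snippet": "hashlib.md5(pw)"},
])

# Constructed sample: findings from the scan of the current build.
CURRENT_JSON = json.dumps([
    # Same SQL injection as the baseline, but the code moved three lines down.
    {"rule": "py/sql-injection", "severity": "high", "file": "app/db.py",
     "line": 45, "snippet": "cursor.execute(q % user)"},
    {"rule": "py/weak-hash", "severity": "medium", "file": "app/auth.py",
     "line": 17, "snippet": "hashlib.md5(pw)"},
    # Genuinely new finding that should be highlighted.
    {"rule": "py/ssrf", "severity": "high", "file": "app/fetch.py",
     "line": 9, "snippet": "requests.get(url)"},
    # Low severity noise in a test fixture.
    {"rule": "py/hardcoded-secret", "severity": "low", "file": "tests/fixtures.py",
     "line": 3, "snippet": 'KEY = "dummy"'},
    # Reviewed false positive: non-security use of random, listed in SUPPRESSIONS.
    {"rule": "py/insecure-random", "severity": "medium", "file": "app/token.py",
     "line": 22, "snippet": "random.random()"},
])

# Hypothetical suppression list maintained by the security team after review.
SUPPRESSIONS: Set[Tuple[str, str, str]] = {
    ("py/insecure-random", "app/token.py", "random.random()"),
}

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


def fingerprint(finding: Dict) -> str:
    """Stable identity of a finding: rule + file + whitespace-normalised snippet.
    The line number is intentionally excluded so that unrelated edits that shift
    code around do not make a known issue look new."""
    key = "|".join([finding["rule"], finding["file"],
                    " ".join(finding["snippet"].split())])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def triage(current: List[Dict], baseline: List[Dict],
           suppressions: Set[Tuple[str, str, str]],
           min_severity: str = "medium") -> Tuple[List[Dict], List[Dict], List[Tuple[str, Dict]]]:
    """Split current findings into new, known (present in baseline) and dropped
    (suppressed or below the severity threshold), with the reason for each drop."""
    known_ids = {fingerprint(f) for f in baseline}
    threshold = SEVERITY_RANK[min_severity]
    new, known, dropped = [], [], []
    for f in current:
        if (f["rule"], f["file"], f["snippet"]) in suppressions:
            dropped.append(("suppressed", f))
        elif SEVERITY_RANK.get(f["severity"], 0) < threshold:
            dropped.append(("below-threshold", f))
        elif fingerprint(f) in known_ids:
            known.append(f)
        else:
            new.append(f)
    # Most severe new findings first, so the report leads with what matters.
    new.sort(key=lambda f: SEVERITY_RANK.get(f["severity"], 0), reverse=True)
    return new, known, dropped


def should_block(new: List[Dict], fail_on: str = "high") -> bool:
    """Release gate: block only on NEW findings at or above `fail_on`.
    Known findings are tracked separately rather than failing every build."""
    return any(SEVERITY_RANK.get(f["severity"], 0) >= SEVERITY_RANK[fail_on] for f in new)


def run() -> Dict:
    """Run the triage over the constructed sample data and return the report."""
    new, known, dropped = triage(json.loads(CURRENT_JSON), json.loads(BASELINE_JSON), SUPPRESSIONS)
    return {"new": new, "known": known, "dropped": dropped, "block": should_block(new)}


if __name__ == "__main__":
    report = run()
    for f in report["new"]:
        print(f"NEW   [{f['severity']}] {f['rule']} {f['file']}:{f['line']}")
    for f in report["known"]:
        print(f"KNOWN [{f['severity']}] {f['rule']} {f['file']}:{f['line']}")
    for reason, f in report["dropped"]:
        print(f"DROP  ({reason}) {f['rule']} {f['file']}:{f['line']}")
    raise SystemExit(1 if report["block"] else 0)
```

In a real pipeline the baseline would be the triaged findings committed or stored at the last release, the suppression list would live in the repository under code review so that silencing a finding is itself a reviewed change, and the non-zero exit status is what the CI job uses to fail the release stage.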

We'll also cover the many challenges the current 'DevSecOps' industry faces, and while we don't have all the answers, we'll point you in the right direction.