For more Continuous Delivery Foundation content, check out our blog: [ Ссылка ]

Security as Code: A DevSecOps Approach - Joseph Katsioloudes, GitHub
Virtual Track

Speakers: Joseph Katsioloudes
Security as Code (SaC) is the methodology of codifying security tests, scans and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security issues. Adopting SaC tightly couples application development with security and vulnerability management, while enabling developers to focus on functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization. In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, i.e how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows security checks with code, and will demo how we can code queries for vulnerabilities so they can be identified as soon as they hit your CI/CD pipeline.

свернуть