© 2019 VERACODE INC.
Scale DevSecOps with your Continuous Integration Pipeline
Presented by DevOps.com and Veracode
Today’s Presenters
Janet Worthington
Principal Product Manager
Vineeta Puranik
Vice President of Engineering and Operations
Audience Poll
What is your role on the team?
• Developer
• Developer in Test
• Security
• DevOps
• Manager
What is Dev(Sec)Ops?
• “DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.”
• “DevOps is also characterized by operations staff using many of the same techniques as developers for their systems work.”
Source: ‘What Is DevOps?’ 2010. The Agile Admin. August 2. https://theagileadmin.com/what-is-devops/
DevSecOps: Shift in culture
Dev, Sec, Ops
• Work in small batches
• Automate when possible
• Security controls: automate
• Trust: Safe to fail
• Fast delivery to customers
• Collaborate
• Feedback
• Learn
Metrics to measure
Source: DORA: 2018 State of DevOps Report
DevOps allows teams to deploy code daily/hourly, reduce lead time for changes, reduce time to restore service and minimize the impact of new changes on production.
Source: DORA: 2018 State of DevOps Report
Work Flow cycle: Agile Development Team
• Dev, QA, IT, Ops, UX, Security
– Cross-functional teams collaborate to achieve a common organizational goal
• Less friction, more velocity
– Work flows smoothly through the entire value stream to the customer
• Plan, Code, Test
– Agile
– Modular
– Automate
• Small continuous deploys
• Infrastructure as code
Recommended book
DevOps Handbook by Gene Kim
Software Deployment CICD
• Promote code early and often
Test early and often, including security issues
• Continuous integration, builds, and tests
• Fast and reliable automation test suites
• Package once, deploy anywhere
• Canary or blue-green deployments
Software Availability: Operations
• Monitoring: server, app performance
• Continuous Feedback, Learning
• Experiment: Fail fast; learn fast
• Testing Operations Security
– everyone’s job every day
• Increased awareness of production issues
DevSecOps Best Practices
Source: Veracode: The Developer’s Guide to the DevSecOps Galaxy
Benefits of DevSecOps for Developers
Source: Stripe: The Developer Coefficient, Sept 2018
Source: Puppet: 2016 State of DevOps Report
Source: Veracode: State of Software Security Volume 9
Security Throughout The Lifecycle
From Speed & Prevention to Coverage & Remediation:
• Greenlight: Is My Code Secure?
• Static Sandbox: Is Our Combined Code Secure?
• Static Policy: Is the Application Secure?
Greenlight
Helps developers answer the question – “Is my code good?”
Continuous Flaw Feedback
Fast, Early, Focused scans of code that a developer is currently working on
Secure Coding Education
Remediation guidance provided directly to the Developer to assist with quick fixes
• Reduce the number of flaws entered into downstream activities
• Maintain development velocity
• Improve adoption with tools that work the way developers expect them to
Greenlight Where You Want It
IDE / Build / CI
RAD
DevSecOps: Scan Early, Scan Often
• Continuous Development: Code / Compile / Debug / Unit Test / Commit + Greenlight IDE
• Continuous Integration Pipeline: Build / Unit Test / Code Quality / Code Review + Greenlight API
• Continuous Testing Pipeline: Functional Tests / Integration Tests / Performance Tests + Static Sandbox
• Continuous Delivery Pipeline: Stage / UAT / Final Validation / Deploy + Static Policy
CI / CD Workflow Example
Continuous Integration Pipelines
Dev Env: Write, Commit and Push
Feature Branch Pipeline: Failed
Greenlight: scan new/changed files
Greenlight Scan: Summary Results
Greenlight JSON Results Archive
Greenlight results JSON file with scan details is archived to:
gl-scanner-java_<projectref-commithash>_greenlight-results.zip
Dev Env: Fix, Commit and Push
Feature Branch Pipeline: Success
Greenlight: scan new/changed files
Feature Branch: Merge Request
Feature Branch: Merge Approval
Continuous Integration Succeeds, Continuous Test Triggered
Tag for Release
Continuous Test Succeeds & Continuous Delivery Triggered
Veracode Static
Scan Project
Deploy
Pipeline Configuration Code
.gitlab-ci.yml
Greenlight CI Tool
DevSecOps Resources
• Kim, Gene, Patrick Debois, and John Willis. 2016. The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations.
• Veracode Helps Developers Find Security Flaws Faster Using AWS. 2017. AWS. https://aws.amazon.com/solutions/case-studies/veracode/
• State of Software Security. Volume 9. Veracode. https://www.veracode.com/state-of-software-security-report
• The Developers Guide To The DevSecOps Galaxy. 2017. Veracode. https://info.veracode.com/guide-developers-to-devsecops-galaxy.html
• ‘2018 Accelerate: State of DevOps Report’. 2018. Dora. https://cloudplatformonline.com/rs/248-TPC-286/images/DORA-State%20of%20DevOps.pdf
Thank You

 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Scale DevSecOps with your Continuous Integration Pipeline

  • 1. Scale DevSecOps with your Continuous Integration Pipeline Presented by DevOps.com and Veracode
  • 2. Today’s Presenters Janet Worthington Principal Product Manager Vineeta Puranik Vice President of Engineering and Operations
  • 3. Audience Poll What is your role on the team? • Developer • Developer in Test • Security • DevOps • Manager
  • 4. What is Dev(Sec)Ops? • “DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.” • “DevOps is also characterized by operations staff using many of the same techniques as developers for their systems work.” Source: ‘What Is DevOps?’ 2010. The Agile Admin. August 2. https://theagileadmin.com/what-is-devops/
  • 5. DevSecOps: Shift in culture Dev Sec Ops Work in small batches Automate when possible Security controls: automate Trust: Safe to fail Fast delivery to customers Collaborate Feedback Learn
  • 6. Metrics to measure Source: DORA: 2018 State of DevOps Report
  • 7. DevOps allows teams to deploy code daily/hourly, reduce lead time for changes, reduce time to restore service and minimize the impact of new changes on production. Source: DORA: 2018 State of DevOps Report
  • 8. Work Flow cycle: Agile Development Team • Dev, QA, IT, Ops, UX, Security – cross functional teams collaborate to achieve common organizational goal • Less friction, more velocity – Work flows smoothly through entire value stream to customer • Plan, code, Test – Agile – Modular – Automate • Small continuous deploys • Infrastructure as code Recommended book DevOps Handbook by Gene Kim
  • 9. Software Deployment CICD • Promote code early and often Test early and often, including security issues • Continuous integration, builds, and tests • Fast and reliable automation test suites • Package once, deploy anywhere • Canary or blue green deployments
  • 10. Software Availability: Operations • Monitoring- server, app performance • Continuous Feedback, Learning • Experiment: Fail fast; learn fast • Testing Operations Security – everyone’s job everyday • Increased awareness of production issues
  • 11. DevSecOps Best Practices Source: Veracode: The Developer’s Guide to the DevSecOps Galaxy
  • 12. Benefits of DevSecOps for Developers Source: Stripe: The Developer Coefficient, Sept 2018 Source: Puppet: 2016 State of DevOps Report
  • 13. Source: Veracode: State of Software Security Volume 9
  • 14. Security Throughout The Lifecycle Static Policy Speed & Prevention Coverage & Remediation Is the Application Secure? Is My Code Secure? Is Our Combined Code Secure? Static Sandbox Greenlight JAVA JAVA
  • 15. Greenlight Helps developers answer the question – “Is my code good?” Continuous Flaw Feedback Fast, Early, Focused scans of code that a developer is currently working on Secure Coding Education Remediation guidance provided directly to the Developer to assist with quick fixes • Reduce the number of flaws entered into downstream activities • Maintain development velocity • Improve adoption with tools that work the way developers expect them to
  • 16. Greenlight Where You Want It IDE Build CI RAD
  • 17. Code Code Continuous Testing Pipeline Functional Tests / Integration Tests / Performance Tests + Static Sandbox DevSecOps: Scan Early, Scan Often Continuous Integration Pipeline Build / Unit Test / Code Quality / Code Review + Greenlight API Continuous Delivery Pipeline Stage/ UAT/ Final Validation / Deploy + Static Policy Continuous Development Code / Compile / Debug / Unit Test / Commit + Greenlight IDE
  • 18. CI CD Workflow Example
  • 19. Continuous Integration Pipelines
  • 20. Dev Env: Write, Commit and Push
  • 21. Feature Branch Pipeline: Failed scan new/changed files Greenlight
  • 22. Greenlight Scan: Summary Results
  • 23. Greenlight JSON Results Archive Greenlight results JSON file with scan details is archived to: gl-scanner-java_<projectref-commithash>_greenlight-results.zip
  • 24. Dev Env: Fix, Commit and Push
  • 25. Feature Branch Pipeline: Success Greenlight scan new/changed files
  • 26. Feature Branch: Merge Request
  • 27. Feature Branch: Merge Approval
  • 28. Continuous Integration Succeeds, Continuous Test Triggered Tag for Release
  • 29. Continuous Test Succeeds & Continuous Delivery Triggered Veracode Static Scan Project Deploy
  • 30. Pipeline Configuration Code .gitlab-ci.yml Greenlight CI Tool
  • 32. DevSecOps Resources Kim, Gene, Patrick Debois, and John Willis. 2016. The Devops Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations Veracode Helps Developers Find Security Flaws Faster Using AWS. 2017. AWS. https://aws.amazon.com/solutions/case-studies/veracode/ State of Software Security. Volume 9. Veracode. https://www.veracode.com/state-of-software-security-report The Developers Guide To The DevSecOps Galaxy. 2017. Veracode. https://info.veracode.com/guide-developers-to-devsecops-galaxy.html ‘2018 Accelerate: State of DevOps Report’. 2018. Dora. https://cloudplatformonline.com/rs/248-TPC-286/images/DORA-State%20of%20DevOps.pdf
  • 33. Thank You