DevOps teams are often cautious about adding security to their automated pipelines because security tools have a reputation for being slow and blocking delivery. Four must-have controls need to be integrated when moving towards DevSecOps. This talk digs into these four controls.
7. This is a story about how not to piss off a DevOps team
8. DJ Schleen, CNDA, CEH, CPT, CDSOE, CDOF, CTPRP, vBSIMM, ITIL
DevSecOps Evangelist and Security Architect
Don’t Fear the
of the DevSecOpalypse
@djschleen
19. My entire chapter in “Epic Failures of DevSecOps” is about SAST. It will kill your pipeline if not implemented properly.
Diagram labels: SAST, Build, Develop, Wait
Icons courtesy of Freepik, OCSA, Yannick
21. It’s like opening the hood of an old car and seeing which parts are rusted and which parts aren’t.
Diagram labels: CVA, Build, Develop, Package
22. Declare war on your vendors. What’s that pile of junk you just gave us? A trojan?
Diagram labels: Vendor Image, CVA
Icons courtesy of Smashicons
31. Thank you!
Grab a pre-release copy of our new book
“Epic Failures of DevSecOps”
https://t.co/u8ErG1zshD
https://devxops.ninja