A DevSecOps Demo: Early, Everywhere, At Scale

•

2 likes•511 views

In Crossing the DevOps and Infosec Divide, Gene Kim and experts from Sonatype and XebiaLabs gave an overview of the common people, process, and tool challenges enterprise teams are facing and discussed some of the practices high performing teams are finding success with in bridging the DevOps and Information Security divide. Register for Part Two of this DevSecOps on-demand webinar series and see real-world use cases of DevSecOps in practice. During this recording, Ilkka Turunen, Solutions Architect, Sonatype and Rob Vanstone, Principal Sales Engineer, XebiaLabs also outline how security fits into the DevOps process, discuss the essential requirements for integrating security in a DevOps-native world as well as the key metrics to look for to ensure DevSecOps success.

Software

WEBINAR
A DevSecOps Demo
Early, everywhere, at scale

2
Housekeeping
▪  This webinar is being recorded
▪  Links to the slides and the recording
will be made available a:er the
presenta<on
▪  You can post ques<ons via the
GoToWebinar Control Panel

3
Meet Your Presenters
Ilkka Turunen
Solu<ons Architect EMEA
Sonatype
Rob Vanstone
Director of Solu<ons Architecture
XebiaLabs
Tim Buntel
VP of Products
XebiaLabs

4
Sonatype - History of SoFware Dependencies
Apache Maven
Maven
Central Repository
Nexus Repository
125K
9M
52B
5B
Nexus Component
Intelligence
2005
2017

5
DEPLOY
PROVISION
XebiaLabs – Enterprise DevOps
Deliver, release and deploy any applica1on with the visibility,
automa1on and control you need for DevOps at enterprise scale

8
XXXXX
HAS ALREADY CONSUMED
8
~ Marc Marc Andreessen 2011

11
Transi<ve Dependencies (Maven central Aug 2015)
Complex interedependencies

12
Javascript
transi<vity

- 80 million JS ﬁles
- 6 million unique ﬁles

14
jar
app
container
system
Build & bundle
Deployment
Provision
The Earlier You Get it the BeWer it is
jar
jar
jar
jar
src
TTR: 250**
TTR: 50**
TTR: 25**
TTR: 10**
**Source: CrossTalk: The Journal of Defense So:ware Engineering – average <me measurement applied

16
Dev CD CI
Prod
QA

UAT
Block Bad Stuﬀ
Early Feedback
Policy Enforcement
Trusted components
Monitored for new issues
Build
Public Component
Repositories

Source Control Deploy Repository
Developers
Policy Enforcement

17
Build
Public Component
Repositories
Source Control Deploy Repository
Developers
Dev
Prod
QA

UAT

23
OrchestraZon
Packaging can already fail if
security vulnerabili4es are
found
There s4ll may be manual
ac4vi4es for your now
included Security roles
Time might have elapsed
since build and release
(ini4ally)
Check at every opportunity

24
Control
Packaging can already fail if
security vulnerabili4es are
found
There s4ll may be manual
ac4vi4es for your now
included Security roles
Time might have elapsed
since build and release
(ini4ally)
Check at every opportunity

26
Build
Public Component
Repositories
Source Control Deploy Repository
Developers
Dev
Prod
QA

UAT

27
Register for Our Next Webinar!
http://bit.ly/2pCLpQr

What's hot

XebiaLabs: DevOps 2020 with Gene KimXebiaLabs

CI/CD (DevOps) 101Hazzim Anaya

Enterprise CI as-a-Service using JenkinsCollabNet

MERGE 2016 Opening RemarksPerforce

Painless DevSecOps: Building Security Into Your DevOps PipelineTasktop

Microsoft DevOps Forum 2021 – DevOps & SecurityNico Meisenzahl

The Human Side of DevSecOpsJules Pierre-Louis

Security Implications for a DevOps TransformationDeborah Schalm

Full Spectrum Engineering – The New Full-stack Deborah Schalm

Perforce Innovations Showcase Perforce

Introducing GitSwarm: Pure Git with Globally Scalable DevOpsPerforce

A beginners guide to scaling DevOpsEficode

Enabing DevOps in an SDN WorldCisco DevNet

A Reference Architecture to Enable Visibility and Traceability across the Ent...CollabNet

Scale DevSecOps with your Continuous Integration PipelineDevOps.com

Perforce on Tour 2015 - Optimising the Developer Pipeline: Deliver Faster & ...Perforce

Devopslakmal123

Git in the Enterprise: How to succeed at DevOps using Git and a monorepoGina Bustos

Introduction to DevOpsRavindu Fernando

DevOps by examples - Continuous Lifecycle London 2017Giulio Vian

What's hot (20)

XebiaLabs: DevOps 2020 with Gene Kim

CI/CD (DevOps) 101

Enterprise CI as-a-Service using Jenkins

MERGE 2016 Opening Remarks

Painless DevSecOps: Building Security Into Your DevOps Pipeline

Microsoft DevOps Forum 2021 – DevOps & Security

The Human Side of DevSecOps

Security Implications for a DevOps Transformation

Full Spectrum Engineering – The New Full-stack

Perforce Innovations Showcase

Introducing GitSwarm: Pure Git with Globally Scalable DevOps

A beginners guide to scaling DevOps

Enabing DevOps in an SDN World

A Reference Architecture to Enable Visibility and Traceability across the Ent...

Scale DevSecOps with your Continuous Integration Pipeline

Perforce on Tour 2015 - Optimising the Developer Pipeline: Deliver Faster & ...

Devops

Git in the Enterprise: How to succeed at DevOps using Git and a monorepo

Introduction to DevOps

DevOps by examples - Continuous Lifecycle London 2017

Similar to A DevSecOps Demo: Early, Everywhere, At Scale

Unified Deployment: Including the Mainframe in Enterprise DevOpsXebiaLabs

Unified Deployment: Including the Mainframe in Enterprise DevOpsCompuware

CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...Daniel Krook

CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...Animesh Singh

DevOps and MicroserviceInho Kang

Monoliths to microservices workshopJudy Breedlove

Shift Left and Automate: How to Bake Compliance and Security into Your Softwa...XebiaLabs

Cont0519Samuel Dratwa

Sreekanth_Weblogic and Websphere Profilesrikanth m

MavenVineela Madarapu

What's New in Puppet Enterprise 2016.2Puppet

What's New in Puppet Enterprise 2016.2 (EMEA)Puppet

DevOps as a Pathway to AWS | AWS Public Sector Summit 2016Amazon Web Services

2009-04-21 - Alfresco and Maven NXP case studySymphony Software Foundation

DevOps-EbookPrathapM32

CICD_BestPractices.pdfmotupalli2

Edureka-DevOps-Ebook.pdfrelekarsushant

Moving from Legacy Development Tools to transformative DevOps with Enterprise...Infostretch

Microservices, DevOps, Continuous Delivery – More Than Three BuzzwordsEberhard Wolff

Devops : Automate Your Infrastructure with PuppetEdureka!

Similar to A DevSecOps Demo: Early, Everywhere, At Scale (20)

Unified Deployment: Including the Mainframe in Enterprise DevOps

CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...

DevOps and Microservice

Monoliths to microservices workshop

Shift Left and Automate: How to Bake Compliance and Security into Your Softwa...

Cont0519

Sreekanth_Weblogic and Websphere Profile

Maven

What's New in Puppet Enterprise 2016.2

What's New in Puppet Enterprise 2016.2 (EMEA)

DevOps as a Pathway to AWS | AWS Public Sector Summit 2016

2009-04-21 - Alfresco and Maven NXP case study

DevOps-Ebook

CICD_BestPractices.pdf

Edureka-DevOps-Ebook.pdf

Moving from Legacy Development Tools to transformative DevOps with Enterprise...

Microservices, DevOps, Continuous Delivery – More Than Three Buzzwords

Devops : Automate Your Infrastructure with Puppet

Recently uploaded

Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig

Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110

Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz

英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0

SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort

Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko

Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq

Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin

React Server Component in Next.js by Hanief UtamaHanief Utama

Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC

The Evolution of Karaoke From Analog to App.pdfPower Karaoke

Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed

Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3

办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea

chapter--4-software-project-planning.pptkotipi9215

MYjobs Presentation Django-based projectAnoyGreter

Recently uploaded (20)

Automate your Kamailio Test Calls - Kamailio World 2024

Advancing Engineering with AI through the Next Generation of Strategic Projec...

Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...

Folding Cheat Sheet #4 - fourth in a series

英国UN学位证,北安普顿大学毕业证书1:1制作

SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)

Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf

Salesforce Certified Field Service Consultant

Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide

React Server Component in Next.js by Hanief Utama

Software Project Health Check: Best Practices and Techniques for Your Product...

The Evolution of Karaoke From Analog to App.pdf

Unveiling Design Patterns: A Visual Guide with UML Diagrams

Cloud Management Software Platforms: OpenStack

Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data

办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样

chapter--4-software-project-planning.ppt

MYjobs Presentation Django-based project