ComeToCode 2022 - speech di Emerasoft

•

0 likes•11 views

DevSecOps toolchain: da Open Source a Enterprise è un attimo... o quasi! Tips & tricks per cavalcare sempre l’onda giusta nel tempestoso oceano dell’IT moderno. Andrea e Alessandro hanno parlato alle nuove leve dell'informatica di: fasi evolutive del DevOps, DevOps Platforms, da DevOps a DevSecOps, Quality scan, Security scan ma anche API Security scan, SAST & DAST. Infine hanno mostrato alcuni esempi di quanto descritto anticipando il “must have 2023” del DevSecOps.

Software

DevSecOps toolchain: da Open Source
a Enterprise è un attimo...
o quasi!
Tips & tricks per cavalcare sempre l’onda giusta nel tempestoso oceano dell’IT moderno

• The Four Phases of DevOps
• DevSecOps ToolChain
• Emerasoft ToolChain
• Real Case: Internet Service Provider CI/CD
• Real Case: WSO2 CI/CD
Schedule

BYO DevOps
Bring your own approach
Benefits
○ Increased individual team productivity
Costs and Risks
○ Uncoordinated purchasing
○ Redundant and incompatible tools
○ Redundant maintenance
○ Data &process silos
○ No alignment among teams
○ No integrations among teams
○ No centralized security or compliance
○ No consistent traceability /monitoring
A system of disparate tools
01
The Four Phases of DevOps

BIC DevOps
Best in class approach
Benefits
○ Reduced tool license cost
○ Reduced training overhead
○ Increased Team Collaboration
○ Less tool to maintain
Costs and Risks
○ No centralized governance
○ Manual handoffs ofconnectionamong tools
○ Data loss
○ Data &process silos
○ No alignment among functions
○ No centralized security or compliance
○ No consistent traceability /monitoring
A standardized toolchain
02
The Four Phases of DevOps

DIY DevOps
Doit yourself approach
Benefits
○ Increased governance and auditability
○ Automated handoffs between tools
Costs and Risks
○ Expensive custom integrations and
maintenance (updates)
○ Integration fragility limits innovation,
visibility
○ Security and testing often occur too late
A custom integration
03
The Four Phases of DevOps

DevOps
Platform
All together now
Benefits
○ Faster cycle times
○ Revenue acceleration
○ High collaboration
○ Improved security /monitoring
○ Fewer errors
○ No Maintenance (Saas)
○ Less Maintenance (On-Prem)
A single application
04
The Four Phases of DevOps

CODE REVIEW
Gitlab DevOps Platform
Sonatype Lift
Secure Code Warrior
SAST / DAST
Gitlab DevOps Platform
SOFTWARE COMPOSITION ANALYSIS
Sonatype Nexus Firewall
Sonatype Nexus LifeCycle
SECURITY TESTING
SmartBear Ready API
42 Crunch Platform
Yagaan Security Suite
DevSecOps ToolChain

COMPLIANCE POLICY VALIDATION
Sonatype Nexus LifeCycle
LOG AND AUDIT
Elastic ELK
RUNTIME APPLICATION PROTECTION
Digital.ai Application
Protection
CONTINUOUS MONITORING
Sonatype Nexus Container
Smartbear Alert Site
42 Crunch Platform
DevSecOps ToolChain

Real Case: Internet Service Provider : CI/CD Adoption checklist

Real Case: Internet Service Provider : CI/CD Toolchain

Real Case: Internet Service Provider : CI/CD Flow

Real Case: Internet Service Provider : DevOps Orchestration

Real Case: WSO2 CI/CD - Build/Deploy on VM

Real Case: WSO2 CI/CD - Build/Deploy on Container

Emerasoft, Lynx Group, fornisce competenze e soluzioni che permettono di affrontare
senza rischi le nuove sfide poste dal mercato grazie a un approccio collaudato.
Da oltre 15 anni Emerasoft porta in Italia tecnologie di frontiera su tematiche quali
Software Engineering, DevSecOps, IT Modernization, low-code..
Oggi insieme a Profesia rappresenta il comparto Innovazione del Gruppo.
Scopri chi siamo su www.emerasoft.com
Scopri il Gruppo Lynx su www.lynxspa.com

GRAZIE!
DOVE SIAMO
Milano - Torino - Padova - Roma
TELEFONO
Torino +39-011-0120370
WEBSITE
www.emerasoft.com
EMAIL
sales@emerasoft.com
SOCIAL

Even though you’re a small startup or medium-sized business and just beginning your product journey, it doesn’t mean you can’t have a robust and scalable DevOps environment like the enterprise experts. It is always a good practice when building a startup or a new company to have a solid foundation and start implementing efficient and scalable solutions early. Join and learn how having a limited budget doesn’t mean you can’t have enterprise quality tools.

Dutch Oracle Architects Platform - Reviewing Oracle OpenWorld 2017 and New Tr...

Lucas Jellema

Not since the rise of Service Oriented Architecture (and the supporting Fusion Middleware technology) over a decade ago have we seen so much rapid change in terms of application and infrastructure architecture. Cloud, Microservices and DevOps are perhaps the most explicit examples – but many other developments in technology, architecture and even the industry at large have an impact on how enterprises consider and employ IT – such as machine learning, IoT, blockchain. In this session for (infrastructure, solution, application, enterprise, security, data) architects – we will present the main stories, roadmaps and technologies from Oracle OpenWorld 2017 (and JavaOne) that influence, shape and enable architecture. We will brainstorm together on the consequences of the new directions outlined by Oracle – and coming our way from other quarters. We are seeing a a lot of change. New opportunities arise – that may become challenges or threats if we fail to recognize and embrace the change in time. This session will help us all to get a better handle on the winds in enterprise IT in general and in Oracle land in particular. Among the topics we will present and discuss are: - The Only Way is Up – the inevitable and imminent move from on premises to the cloud, and upwards in the stack – from IaaS to SaaS - Security and Ops in a hybrid landscape (multiple clouds & on premises, multiple technologies & interaction channels) - Autonomous Database – what, when, how - Oracle’s cloud strategy, High PaaS and Low PaaS, Open [source] technology (star of the show: Apache Kafka) and the commodization of the traditional Oracle platform - Container and Cloud Native at Oracle Cloud (Docker, Kubernetes Container Platform, Wercker, Istio Service Mesh, CNCF) - Serverless - Java Reborn – for microservices and cloud, modularized (highlights from the JavaOne conference) - Disruptive: Blockchain, IoT, Machine Learning

Containerization Strategy

Balaji Mariyappan

Back To Basics

kamalikamj

Continuos Integration and Delivery: from Zero to Hero with TeamCity, Docker a...

Lean IT Consulting

Business and IT agility through DevOps and microservice architecture powered ...

Lucas Jellema

IT needs to run in production in order to generate business value. DevOps is among other things a way of thinking focusing on production software. A business application requires a tailor made platform to generate business value. The combination of application and its platform is a DevOps product. The DevOps team has full responsibility for that product through its entire lifecycle. The microservices architecture promises flexibility, scalability, and optimal use of compute resources. Via independent components with well-defined scope and responsibility, interface, and ownership that are evolved and managed in an automated DevOps process, this architecture leverages current technologies and hard-learned insights from past decades. This session defines the objectives of Business with IT, of microservices and DevOps and introduces Containers and the container platform Kubernetes as crucial ingredients for making DevOps happen.

AWS18 Startup Day Toronto- Launching your Application the Amazon Way

Amazon Web Services

We'll show you how to take your application and launch it quickly on a variety of AWS infrastructure. You'll learn how to leverage CodeStar, CodeBuild, CodeDeploy, and Cloud9 to provide your startup with reliable, flexible, and cost efficient build pipelines in minutes. This will set your technical teams up for faster deploys and consistent development environments allowing you to focus on your product, not your deployment process. This is a key pain point for early stage startups, learn how to solve it before it starts to impact your team's productivity.

Evolve 2017 - Vegas - Devops, Docker and Security

John Willis

You know that adopting Continuous Delivery and DevOps is key to a high-performance company. You’ve read the books and are ready to build microservices in the cloud. Great! Let’s go back to the principles and see how to apply them in a cloud native environment. What used to about shipping code to static servers, is now about quickly creating decoupled pipelines for new services that are readily wired up into the platform and everything is driven by code. This talk will give concrete guidance in a world where autonomous teams continuously deploy many independent services and containers into an infrastructure that is dynamically created via APIs. Learn how to establish a culture that fosters fast local decisions and is driven by fast feedback. Remove friction by removing the staging environment and still release with confidence. Listen to stories from the trenches on true DevOps on AWS with “You build it, you run it” teams from AutoScout24, the largest online car marketplace Europe-wide. https://devopsconference.de/continuous-delivery/cloud-native-continuous-delivery/

451 Research: Data Is the Key to Friction in DevOps

Delphix

You’ve moved to agile. You’re “all in” on the cloud. And yet, you know there’s a ton of velocity in your DevOps projects left on the table. Jay Lyman, Principal Analyst with 451 Research, hosts a webinar with DevOps pioneers Patrick Lightbody, SVP of Product at Delphix and Nick Suwyn, Principal Systems Engineer at Choice Hotels, to explore how DevOps teams in the global enterprise have successfully check marked code management, configuration management and build management with various industry standard tools to combat the challenges brought upon by “data friction.” Jay will unveil his latest research on the state of DevOps and share thoughts on why there’s still tremendous inertia for companies in this space.

Docker Birthday #5 Meetup Cluj - Presentation

Alex Vranceanu

Tampere Docker meetup - Happy 5th Birthday Docker

Sakari Hoisko

DevOps For Everyone: Bringing DevOps Success to Every App and Every Role in y...

Siva Rama Krishna Chunduru

Containers, microservices and serverless for realists

Karthik Gaekwad

Cloud native Continuous Delivery

Christian Deger

You know that adopting Continuous Delivery is key to a high-performance company. You’ve read the books and are ready to build microservices in the cloud. Great! Let’s go back to the principles and see how to apply them in a cloud native environment. What used to be about shipping code to static servers, is now about quickly creating decoupled pipelines for new services that are readily wired up into the platform, and everything is driven by code. This talk will give concrete guidance for a world where autonomous teams continuously deploy many independent services and containers into an infrastructure that is dynamically created via APIs. Release without staging environment, but with confidence. Learn how to apply cloud native concepts to the delivery pipeline itself and how the concepts of continuous delivery need to be adjusted for microservices in the cloud. Hear real world examples, including how to QA in production.

Supply Chain Security for Developers.pdf

ssuserc5b30e

https://teachingcyber.gumroad.com/ The Software Supply Chain Security for Developers course takes you from little or no knowledge and shows you how to build security into development projects with practical demonstrations. You will learn the principles of configuring environments in a practical way using minimal lectures and focusing on step by step demonstrations. There are very few courses like this that get straight into the practicalities application security and devsecops. With this capability, you will be able to provide professional and consistent service to your company or clients and help secure your organisation. You will learn to implement security using GitHub and Azure DevOps. This is a fast-growing area, specialist developers with skills in security are in high demand and using the skills here will enable your career, giving you cyber security experience in Azure DevOps, GitHub and command line. If you are a beginner, this course is for you as it will give you the foundations in a practical way, not theoretical. If you are an experienced practitioner you are now becoming aware of conducting supply chain assessments, this course is absolutely essential for you. Some of the key areas you will learn are: Software Supply Chain Security Building software supply supply chain security into the development using GitHub Building software supply chain security into the development using Azure DevOps Practical application security skills Increase knowledge and skills around DevSecOps This course will give you the grounding you need to help you learn, retain and replicate the security skills necessary to build and improve your DevSecOps processes. The lectures are to the point and concise because your time, like many practitioners, is precious. All demos can be followed using your own software accounts and replayed time and again as your one-stop security reference. https://teachingcyber.gumroad.com/

DevSecOps - Security in DevOps

Aarno Aukia

Cloud and Network Transformation using DevOps methodology : Cisco Live 2015

Vimal Suba

DEVNET-1117 Open Source DevCenter Launched within DevNet

Cisco DevNet

Executive Briefing: The Why, What, and Where of Containers

NVISIA

Devtest Orchestration for SDN & NFV

Alex Henthorn-Iwane

Unleash Team Productivity with Real-Time Operations (DEV203-S) - AWS re:Inven...

Amazon Web Services

For today’s digital organizations, even a few minutes of downtime can mean millions of dollars lost and customers who go elsewhere. To keep up with customer expectations, organizations must handle and prioritize real-time operations at a scale that didn’t exist before. However, developing this competency is easier said than done, especially without a solid understanding of the capabilities needed to drive real-time operations across cloud and on-premises environments. In this session, we explore how innovations around machine learning, automation, and analytics, when combined with modern incident management best practices, can improve operational performance, team productivity, and drive business results. This session is brought to you by AWS partner, PagerDuty, Inc.

From Zero to Serverless

Chad Green

So many times our customers need a simple routine that can be executed on a routine basis but the solution doesn’t need to be an elaborate solution without going the trouble of setting servers and other infrastructure. Serverless computer is the abstraction of servers, infrastructure, and operating systems and make getting solutions to your customer’s needs much quicker and cheaper. During this session we will look at how Azure Functions will enable you to run code on-demand without having to explicitly provision or manage infrastructure.

DevSecOps: Bringing security to the DevOps pipeline

Aarno Aukia

Enterprise CI as-a-Service using Jenkins

CollabNet

Continuous Integration (CI) is frequently implemented as a dev process and not tied to the rest of the software development life cycle. Resulting in shadow IT, silo’d processes and information, and ultimately a lack of real time visibility across all stakeholders. And even greater implications such as risk of IP loss due to lack of corporate governance controls (e.g., RBAC, security and traceability). Watch this webinar to learn how to scale CI as-as-service using Jenkins across an enterprise. As teams self-select their CI tools, using TeamForge would allow individuals across your enterprise to rapidly access CI tools of their choosing, while central IT maintains full visibility and control with minimal effort. In this webinar, we also present a case study for establishing an organization-wide build ecosystem at a global financial services company.

SRV312 DevOps on AWS: Building Systems to Deliver Faster

Amazon Web Services

Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high quality software at a fast pace. In this session, we cover how you can begin your DevOps journey by sharing best practices and tools used by engineering teams at Amazon. We showcase how you can accelerate developer productivity by implementing continuous integration and delivery workflows. In addition, we introduce AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, and AWS X-Ray, the services inspired by Amazon's internal developer tools and DevOps practices.

Cncf checkov and bridgecrew

LibbySchulze

PAnontiDEMO_5 motivi per cui una PA ha bisogno di una DAP

ComeToCode 2022 - speech di Emerasoft

Recommended

Recommended

More Related Content

Similar to ComeToCode 2022 - speech di Emerasoft

Similar to ComeToCode 2022 - speech di Emerasoft (20)

More from Emerasoft, solutions to collaborate

More from Emerasoft, solutions to collaborate (20)

Recently uploaded

Recently uploaded (20)

ComeToCode 2022 - speech di Emerasoft