Confidential / © Harness Inc. 2020
Linux Foundation Live Webinar: Applying Governance to CI/CD
Tiffany Jachja | Technical Evangelist | Harness
The SolarWinds Hack of 2020
Discovered in December 2020 by the cybersecurity firm FireEye
Caused by a software supply chain compromise: malicious code was inserted into a signed SolarWinds product build
The trojanized update was downloaded by up to 18,000 SolarWinds customers
Resource: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
The Cost of Software Failures
Resources: https://dzone.com/articles/open-source-vulnerabilities-will-they-ever-end
https://raygun.com/blog/cost-of-software-errors/
$4 million per data breach correction
3.6 billion people affected
$1.7 trillion in financial losses
Why use a CI/CD pipeline?
Design → Development → Testing → Deployment
[Chart] Estimated cost of recovering from vulnerabilities, increasing with each later phase: 5x, 15x, 95x
CI/CD Governance is how organizations attest to
the integrity of assets in a delivery pipeline
In this session:
Definitions
Principles of governance
Practices and tooling
Continuous Integration & Continuous Delivery
A Basic CI/CD Pipeline
Continuous Integration != Continuous Delivery
[Diagram] Continuous Integration: Code → Build & Test → Artifact
[Diagram] Continuous Delivery, from the artifact onward: Infrastructure Provisioning (Cloud Stacks), Release Strategy (Basic, Rolling, Canary, Blue / Green), Verification, Rollback, Change Management
Succeeding CI/CD
[Diagram] The same CI and CD stages (Code → Build & Test → Artifact → Infrastructure Provisioning, Release Strategy (Basic, Rolling, Canary, Blue / Green), Verification, Rollback, Change Management) wrapped by cross-cutting concerns: Overall Visibility, Dashboards & Reporting; Secrets, Auditing & Compliance; Environment Variables & Pipeline Management; Custom Scripts
What is Governance?
What is GRC?
Governance:
Expecting the unexpected
Setting communication channels
Overseeing maintenance and achievement
Risk:
Identifying risks
Rating and prioritizing them
Mitigating them
Compliance:
Meeting expectations
Documenting and logging
Improving on the gaps
IT Governance is how organizations
monitor and control IT capabilities and decisions
for the delivery of value to key stakeholders.
[Diagram] Monitor and Control
In the build phase: coded, and ready to go?
Dependency Check
Static Code Analysis
Container or App Runtime Scanners
Secret Scanning
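As an added example, not code from the deck or from Harness, here is what two of these build-phase gates look like when scripted: a dependency check that matches pinned versions against an advisory feed, and a secret scan that combines a known token prefix with an entropy threshold so that placeholder values do not trip the gate. The lockfile, the advisory entries (ADV-0001 and so on), the EXKEY_ token format and the source lines are all constructed for the example and are not real packages, advisories or credentials.

```python
"""Build-phase governance gates: dependency check and secret scan.

Added example, not from the Harness deck. All inputs are constructed
inline: a tiny lockfile, a hypothetical advisory feed, and a few source
lines. A CI job would parse these from the repository instead.
"""
import math
import re
from collections import Counter

# Constructed lockfile: package name -> pinned version.
LOCKFILE = {
    "leftpad": "1.3.0",
    "requests": "2.19.1",
    "log4j-core": "2.14.1",
}

# Constructed advisory feed (hypothetical IDs, NOT real CVE data).
# introduced is inclusive, fixed is exclusive.
ADVISORIES = [
    {"id": "ADV-0001", "package": "requests", "introduced": "2.0.0", "fixed": "2.20.0"},
    {"id": "ADV-0002", "package": "log4j-core", "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "ADV-0003", "package": "leftpad", "introduced": "0.1.0", "fixed": "1.0.0"},
]


def parse_version(v: str) -> tuple:
    """Turn '2.19.1' into (2, 19, 1) so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split("."))


def dependency_check(lockfile: dict, advisories: list) -> list:
    """Return the advisory IDs that apply to pinned dependencies."""
    hits = []
    for adv in advisories:
        pinned = lockfile.get(adv["package"])
        if pinned is None:
            continue
        v = parse_version(pinned)
        if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
            hits.append(adv["id"])
    return hits


# Secret patterns: a hypothetical 'EXKEY_' token format, and a generic
# assignment of a long string literal to a credential-looking name.
KNOWN_TOKEN = re.compile(r"EXKEY_[A-Za-z0-9]{16,}")
GENERIC_ASSIGN = re.compile(r"""(?i)(secret|password|token|api_key)\s*=\s*["']([^"']{16,})["']""")


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking credentials score high, 'xxxx' scores 0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def secret_scan(lines: list, entropy_threshold: float = 3.5) -> list:
    """Return (line_no, reason) for lines that look like committed secrets."""
    findings = []
    for i, line in enumerate(lines, start=1):
        if KNOWN_TOKEN.search(line):
            findings.append((i, "known token format"))
            continue
        m = GENERIC_ASSIGN.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append((i, "high-entropy credential assignment"))
    return findings


# Constructed source lines: one real-looking token, one real-looking secret,
# one value read from the environment (fine), one placeholder (fine).
SOURCE = [
    'API_URL = "https://api.example.internal/v1"',
    'token = "EXKEY_9f8Ab3kLm2Qz7xPw1Rt5"',
    'password = os.environ["DB_PASSWORD"]',
    'secret = "u7Hx3pQ9zL2mN8vB4cK1"',
    'password = "xxxxxxxxxxxxxxxxxxxx"',
]


def build_gate() -> dict:
    """Run both gates; the build fails when either one has findings."""
    deps = dependency_check(LOCKFILE, ADVISORIES)
    secrets = secret_scan(SOURCE)
    return {"vulnerable_deps": deps, "secrets": secrets, "passed": not deps and not secrets}


if __name__ == "__main__":
    result = build_gate()
    print(result)
    raise SystemExit(0 if result["passed"] else 1)
```

Run as a pipeline step, the non-zero exit is what turns a scanner into a gate; the returned dictionary is the raw material for the attestation the next stage consumes.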
Open-source software is currently used by 96 percent of the most popular applications in the enterprise market.
More than 4,000 security vulnerabilities are discovered in open-source projects a year.
Resource: https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/
Resource: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
[Figure from the Microsoft analysis: the infected function shown beside the original function in the compromised DLL]
Where do security vulnerabilities live?
Who has access?
In the test phase: we're packed, and ready to go!
Automated Testing Suites
White and Black Box unit testing
In pre-prod environments: integration tests
Control: Unit Tests
Attestation: “All tests executed and passed.”
Control: Clean Dependencies
Attestation: “All dependencies in this build are free of known security defects.”
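The control/attestation pairing is the core of pipeline governance: each gate produces a statement the next stage can check, and the statement has to be bound to the exact artifact that passed the gate, otherwise it says nothing about what actually ships (the "integrity of assets" in the definition earlier). The following added example, not code from the deck or from Harness, shows one way to issue and verify such a statement. To stay self-contained it assumes a hypothetical shared pipeline key and HMAC for signing; the artifact bytes, the artifact name and the control names are constructed.

```python
"""Control -> attestation -> verification, as a signed statement bound to an
artifact digest. Added example, not code from the Harness deck. HMAC with a
shared key is used here for brevity; a production pipeline would sign with
an asymmetric key (KMS-held or keyless) so the deploy stage holds only the
verification half.
"""
import hashlib
import hmac
import json

# Hypothetical pipeline signing key. In practice it lives in the CI secret
# store and never appears in source.
PIPELINE_KEY = b"constructed-demo-key-do-not-use"

# Controls the deploy stage requires, with the attestation text each produces
# (wording taken from the slides).
REQUIRED_CONTROLS = {
    "unit_tests": "All tests executed and passed.",
    "clean_dependencies": "All dependencies in this build are free of known security defects.",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(statement: dict) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()


def make_attestation(artifact_name: str, artifact: bytes, control_results: dict, key: bytes) -> dict:
    """Bind control outcomes (name -> passed) to the exact artifact bytes built."""
    statement = {
        "subject": {"name": artifact_name, "sha256": sha256_hex(artifact)},
        "controls": [
            {"name": name, "attestation": REQUIRED_CONTROLS.get(name, ""), "passed": bool(passed)}
            for name, passed in sorted(control_results.items())
        ],
    }
    sig = hmac.new(key, canonical(statement), hashlib.sha256).hexdigest()
    return {"statement": statement, "signature": sig}


def verify_attestation(envelope: dict, artifact: bytes, key: bytes) -> tuple:
    """Deploy-side gate. Returns (ok, reason).

    Order matters: first the signature (is this statement authentic?), then
    the digest (is it about the bytes we are deploying?), then the controls.
    """
    statement = envelope["statement"]
    expected = hmac.new(key, canonical(statement), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["signature"]):
        return False, "signature mismatch: statement altered or wrong key"
    if statement["subject"]["sha256"] != sha256_hex(artifact):
        return False, "artifact digest mismatch: not the bytes that were attested"
    seen = {c["name"]: c["passed"] for c in statement["controls"]}
    for name in REQUIRED_CONTROLS:
        if name not in seen:
            return False, f"missing control: {name}"
        if not seen[name]:
            return False, f"control failed: {name}"
    return True, "all required controls attested for this artifact"


# Constructed artifact bytes standing in for a built binary or image layer.
ARTIFACT = b"\x7fELF constructed-artifact-v1.0"


def demo() -> dict:
    """The happy path plus the three ways the gate refuses."""
    good = make_attestation("app-v1.0", ARTIFACT, {"unit_tests": True, "clean_dependencies": True}, PIPELINE_KEY)
    results = {"good": verify_attestation(good, ARTIFACT, PIPELINE_KEY)}
    # 1. Artifact replaced after the build: statement is authentic but not about these bytes.
    results["swapped_artifact"] = verify_attestation(good, ARTIFACT + b"\x90", PIPELINE_KEY)
    # 2. Statement edited to claim a failed control passed: signature no longer matches.
    failed = make_attestation("app-v1.0", ARTIFACT, {"unit_tests": True, "clean_dependencies": False}, PIPELINE_KEY)
    forged = json.loads(json.dumps(failed))
    forged["statement"]["controls"][0]["passed"] = True  # controls are sorted, so [0] is clean_dependencies
    results["forged_statement"] = verify_attestation(forged, ARTIFACT, PIPELINE_KEY)
    # 3. Honest statement, but a required control did not pass.
    results["failed_control"] = verify_attestation(failed, ARTIFACT, PIPELINE_KEY)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Note what the digest binding does and does not cover. It refuses an artifact swapped after the build, but a build step that injects code before the digest is taken, which is what happened to SolarWinds, produces a perfectly attested malicious artifact. The attestation therefore has to be paired with controls on the build environment itself (hermetic or reproducible builds, build-host integrity) and, as the comment says, with an asymmetric key so that a compromised deploy stage cannot mint its own statements.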
In the deployment phase: we're provisioning, configuring, and delivering!
Testing your configurations
System tests, Vulnerability Scanning
Pen Testing
Introducing Manual Approvals
Where can I find this in the wild?
Capital One implements what's called 16 gates.
John Willis co-authored a whitepaper in 2019 on automated pipeline governance.
Harness customers in the financial sector are doing this.
The Key Takeaways
Automated Pipeline Governance
Controlling, Understanding, and Mitigating Risk
Continuous Improvements
Thank you. Any questions?
Contact: tiffany@harness.io
@tiffanyjachja / @harnessio
Artificial intelligence in the post-deep learning era
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 

Linux Foundation Live Webinar: Applying Governance to CI/CD

  • 1. Confidential / © Harness Inc. 2020. Applying Governance to CI/CD. Tiffany Jachja | Technical Evangelist | Harness
  • 2. The SolarWinds Hack of 2020. Discovered in December 2020 by cybersecurity firm FireEye. Resource: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
  • 3. The SolarWinds Hack of 2020. Discovered in December 2020 by cybersecurity firm FireEye. Caused by a supply chain hack. Compromised over 18,000 SolarWinds customers. Resource: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
  • 4. The Cost of Software Failures: $4 million per data breach correction; 3.6 billion people affected; $1.7 trillion in financial losses. Resources: https://dzone.com/articles/open-source-vulnerabilities-will-they-ever-end and https://raygun.com/blog/cost-of-software-errors/
  • 5. Why use a CI/CD pipeline? Phases: Design, Development, Testing, Deployment. Estimated cost of recovering from vulnerabilities: 5x, 15x, 95x.
  • 6. CI/CD Governance is how organizations attest to the integrity of assets in a delivery pipeline.
  • 7. In this session: Definitions; Principles of governance; Practices and tooling.
  • 8. Continuous Integration & Continuous Delivery
  • 9. A Basic CI/CD Pipeline
  • 10. Continuous Integration != Continuous Delivery. Continuous Integration: Code, Build & Test, Artifacts, Artifact.
  • 11. Continuous Integration != Continuous Delivery. Continuous Integration: Code, Build & Test, Artifacts, Artifact. Continuous Delivery: Release Strategy (Basic, Rolling, Canary, Blue / Green), Rollback, Verification, Infrastructure Provisioning, Cloud Stacks, Change Management.
  • 12. Succeeding CI/CD. Continuous Integration: Code, Build & Test, Artifacts, Artifact. Continuous Delivery: Release Strategy (Basic, Rolling, Canary, Blue / Green), Rollback, Verification, Infrastructure Provisioning, Cloud Stacks, Change Management. Across both: Overall Visibility, Dashboards & Reporting; Secrets, Auditing & Compliance; Environment Variables & Pipeline Management; Custom Scripts.
  • 13. What is Governance?
  • 14. What is GRC? Governance: expecting the unexpected; setting communication channels; overseeing maintenance and achievement.
  • 15. What is GRC? Risk: identifying risks; rating and prioritizing them; mitigating them.
  • 16. What is GRC? Compliance: meeting expectations; documenting and logging; improving on the gaps.
  • 17. IT Governance is how organizations monitor and control IT capabilities and decisions for the delivery of value to key stakeholders.
  • 18. Monitor. Control.
  • 19. In the Build phase: Coded, and ready to go? Dependency Check; Static Code Analysis; Container or App Runtime Scanners; Secret Scanning.
  • 20. Open-source software is currently used by 96 percent of the most popular applications in the enterprise market. More than 4000 security vulnerabilities are discovered in open-source projects a year. Resource: https://www.zdnet.com/article/enterprise-codebases-plagued-by-open-source-vulnerabilities/
  • 21. Resource: https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
  • 22. [Figure: infected function compared with the original function]
  • 23. Where do security vulnerabilities live?
  • 24. Who has access?
  • 25. In the test phase: We’re packed, and ready to go! Automated Testing Suites; White and Black Box unit testing; in pre-prod environments: integration tests.
  • 26. Control: Unit Test. Attestation: “All tests executed and passed.”
  • 27. Control: Unit Tests. Attestation: “All tests executed and passed.” Control: Clean Dependencies. Attestation: “All dependencies in this build are free of known security defects.”
  • 28. In the deployment phase: We’re provisioning, configuring, and delivering! Testing your configurations; System tests; Vulnerability Scanning; Pen Testing.
  • 29. Introducing Manual Approvals
  • 30. [image only]
  • 31. [image only]
  • 32. Where can I find this in the wild? Capital One implements what’s called 16 gates.
  • 33. Where can I find this in the wild? Capital One implements what’s called 16 gates. John Willis co-authored a whitepaper in 2019 on automated pipeline governance.
  • 34. Where can I find this in the wild? Capital One implements what’s called 16 gates. John Willis co-authored a whitepaper in 2019 on automated pipeline governance. Harness customers in the financial sector are doing this.
  • 35. The Key Takeaways: Automated Pipeline Governance; Controlling, Understanding, and Mitigating Risk; Continuous Improvements.
  • 36. Thank you. Any questions? Contact: tiffany@harness.io, @tiffanyjachja, @harnessio
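The deck frames governance as controls that each produce an attestation (slides 26 and 27) about the build-phase checks on slide 19, with the pipeline attesting to artifact integrity (slide 6) before deployment. The Python below is an added example, not code from the deck or from Harness: it runs three constructed controls (unit tests, dependency check, secret scan) over a sample build, binds their attestations to the artifact digest under an HMAC signature, and has a deployment gate refuse promotion when any control fails or when the artifact or signature no longer verifies. Every package name, advisory id, file path, file content and the signing key is a constructed placeholder.

```python
"""Pipeline governance gate: controls produce attestations, the bundle is
signed and bound to the artifact, and the gate checks it before promotion.
Added example; all package names, advisory ids, file contents and the
signing key are constructed placeholders."""
import hashlib
import hmac
import json
import re
from dataclasses import asdict, dataclass, field


@dataclass
class Attestation:
    """One control's verdict, in the deck's "Control / Attestation" form."""
    control: str
    passed: bool
    statement: str
    evidence: dict = field(default_factory=dict)


def unit_test_control(results: dict) -> Attestation:
    """Control: Unit Tests. Passes only if tests ran and every one passed."""
    executed, passed = results.get("executed", 0), results.get("passed", 0)
    ok = executed > 0 and executed == passed
    return Attestation("Unit Tests", ok,
                       "All tests executed and passed." if ok
                       else "Tests failed or none were executed.",
                       {"executed": executed, "passed": passed})


def clean_dependencies_control(deps: dict, advisories: dict) -> Attestation:
    """Control: Clean Dependencies. Checks name/version pairs against a
    (constructed) advisory table; a real gate would query a vulnerability feed."""
    hits = {f"{n}@{v}": advisories[(n, v)]
            for n, v in sorted(deps.items()) if (n, v) in advisories}
    ok = not hits
    return Attestation("Clean Dependencies", ok,
                       "All dependencies in this build are free of known security defects."
                       if ok else "Dependencies with known security defects were found.",
                       {"vulnerable": hits})


# Constructed pattern for the Secret Scanning check: a credential-looking
# identifier assigned a quoted literal of at least 8 characters.
SECRET_PATTERN = re.compile(
    r"(?i)(secret|password|api[_-]?key|token)\w*\s*=\s*['\"][^'\"]{8,}['\"]")


def secret_scan_control(files: dict) -> Attestation:
    """Control: Secret Scanning. Evidence records file paths only, never values."""
    findings = sorted(p for p, text in files.items() if SECRET_PATTERN.search(text))
    ok = not findings
    return Attestation("Secret Scanning", ok,
                       "No hard-coded secrets found in the build inputs." if ok
                       else "Hard-coded secrets were found.", {"files": findings})


def _canonical(payload: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def build_bundle(artifact: bytes, attestations: list, signing_key: bytes) -> dict:
    """Bind the attestations to the artifact digest and sign with HMAC-SHA256
    (constructed; a production pipeline would use a KMS-held asymmetric key)."""
    payload = {"artifact_sha256": hashlib.sha256(artifact).hexdigest(),
               "attestations": [asdict(a) for a in attestations]}
    sig = hmac.new(signing_key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": sig}


def verify_bundle(bundle: dict, artifact: bytes, signing_key: bytes) -> bool:
    """Deploy-side check: signature intact and artifact unchanged since attestation."""
    expected = hmac.new(signing_key, _canonical(bundle["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["signature"]):
        return False
    return bundle["payload"]["artifact_sha256"] == hashlib.sha256(artifact).hexdigest()


def gate(bundle: dict, artifact: bytes, signing_key: bytes) -> tuple:
    """Returns (promote, failed_controls). Anything unverifiable is a failure."""
    if not verify_bundle(bundle, artifact, signing_key):
        return False, ["attestation signature or artifact digest mismatch"]
    failed = [a["control"] for a in bundle["payload"]["attestations"] if not a["passed"]]
    return (not failed), failed


# Constructed sample build (not from the deck).
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
ADVISORIES = {("libbar", "0.9.1"): "PLACEHOLDER-ADVISORY-001"}
ARTIFACT = b"constructed artifact bytes"


def run_build(deps: dict, files: dict, test_results: dict) -> dict:
    """Run all three controls over a build and return the signed bundle."""
    attestations = [unit_test_control(test_results),
                    clean_dependencies_control(deps, ADVISORIES),
                    secret_scan_control(files)]
    return build_bundle(ARTIFACT, attestations, SIGNING_KEY)


def run_sample() -> tuple:
    """A build that should be blocked: vulnerable dependency plus a hard-coded key."""
    files = {"app/config.py": "DB_HOST = 'db'\n",
             "app/keys.py": "AWS_SECRET_ACCESS_KEY = 'constructed-placeholder-value'\n"}
    bundle = run_build({"libfoo": "1.2.0", "libbar": "0.9.1"}, files, {"executed": 42, "passed": 42})
    return gate(bundle, ARTIFACT, SIGNING_KEY)


def run_clean_sample() -> tuple:
    """The same build after the dependency bump and secret removal: promoted."""
    bundle = run_build({"libfoo": "1.2.0", "libbar": "1.0.0"},
                       {"app/config.py": "DB_HOST = 'db'\n"}, {"executed": 42, "passed": 42})
    return gate(bundle, ARTIFACT, SIGNING_KEY)
```

Two design points carry over to real pipelines: the attestations are bound to the artifact's digest, so an artifact swapped after the controls ran fails the gate even though every control passed, and the secret-scan evidence records only file paths, so the attestation log itself never becomes a place where credentials leak.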