A Practical Guide to CI/CD Security Gating - Ben Hirschberg, ARMO
GitOps and modern engineering practices have enabled us to deliver higher-quality code at greater speed by introducing guardrails and checks into our automated CI/CD processes and tools, such as Flux and ArgoCD. However, as security becomes a more pressing matter with more critical zero-day threats arising, and as application and development processes all move to more automated CI/CD pipelines, these pipelines are becoming a critical point for enforcing security validations and checks. In this talk, I'd like to provide a primer for practically implementing simple security gates that improve our CI security hygiene before threats propagate to your GitHub repos and to production. By using developer and cloud native tooling like Flux, ArgoCD, VSCode and CLIs, together with open source security tools that cover the most common security issues, such as misconfigurations, code vulnerabilities and registry scanning, you can continuously ensure that security is monitored and enforced within the dev context and workflow. We will provide a real-world, end-to-end code example of how to bake the right measure of security gates into your favorite OSS and GitOps tooling.