Best Practices for securing CI/CD Pipelines or how to get Security right | Victoria Almazova


DevOps practices are in place, containers are everywhere, pipelines are flying. We do Agile. We do DevOps. Now we should focus on following security practices to protect the deployed resources, too. This is why DevSecOps is no longer hype and is gaining more prominence. There is a lot of information about DevSecOps, but how do you do it properly? Where do you start? What are the best practices?

In this session, we will walk through an end-to-end scenario in which we deploy infrastructure components and solutions securely to the cloud. We will build a pipeline with security in mind, to protect against and detect potential security flaws during the build. We will focus on the main principles that you can apply to the most popular and widely used solutions and tools.
You will learn essential concepts:
- how to build an end-to-end CI/CD pipeline that builds the application and deploys infrastructure with security checks for the application, containers, and infrastructure;
- what security tools are available for CI/CD pipelines and the best way to implement them into different Git workflows;
- best practices and patterns of building security pipelines.

Comments

Great presentation. Thanks for sharing and keeping this available.

bobby

Just cracked a DevOps interview with just your explanation and keywords. Victoria, you are great <3

chivaljazz

Just watched the whole way through, great presentation. Will go back and take more notes soon. This info was very helpful. Thanks again.

JoaquinBey

Don't ever lose your fantastic sense of humor!

firmsoil

Lovely chart and movement of tasks around the pipeline. Thanks for being open-minded enough to share and educate. Regards from Singapore!

Numulagam

OMG as a cloud security person this is the story of my life!!

andreelyusef

"How many of you have SUCCESSFULLY implemented DevOps?" @ 3:56 ... hilarious. Good vid.

JoaquinBey

Even though it was about security, somehow I didn't fall asleep watching it. Very nicely done. Thank you!

krneki

What's interesting is there is an emphasis on a safe product. This would require a 'DevSafeSecOps' process to be implemented to consider safety properties of a system and safety analysis to be carefully considered as part of an agile process, especially for a safety related product or service.

tiv

While this talk places a lot of emphasis on shifting security left in the software development cycle, there's no major mention of protection/security of data within those applications. PII data, for example. What are the best practices to ensure the security of something as sensitive as customers' addresses, phone numbers, etc.?

kanuj.bhatnagar

I'm a bit confused as to why we should not stop continuous integration on security issues. I thought DevSecOps was about involving everyone in security. Isn't breaking the build the best way to involve devs? If the tools cause too much noise, isn't the problem with the tools?
I guess it all depends on the team size.
I can see in a 100:10:1 organization, you wouldn't want to stop CI on security checks.
But in a 10:2:2 organization, it seems reasonable to fail builds.

emilesalem

Every time she said "DevOps" I heard "Devils", which are not that far apart really.

riccardo-

Reaching 30% of the talk and I hear her speaking about quite basic and obvious security things. And now I'm reflecting on her special number 100:10:1, sort of complaining that 1 security person is not enough and that it is a daunting role to work alone with the other 10 and 100 devs. I find it a little bit pretentious, if not insulting, to assume that only she, as a security role, would be concerned with, let alone be able to apply, the best practices of security. Isn't that what a good developer should be, and probably is, taking into consideration in his/her everyday work?