Securing Speed: Safeguarding CI/CD Pipelines for Robust Software Delivery
🔗 Register for webcasts, summits, and workshops -
🛝 Webcast Slides -
Securing Speed: Safeguarding CI/CD Pipelines for Robust Software Delivery With Andrew Krug
CI/CD (Continuous Integration and Continuous Delivery) is at the very heart of every DevOps strategy.
Whether or not that strategy includes security, security practitioners should be familiar with CI/CD systems. These systems often hold implicit trust, the “keys to the kingdom,” when it comes to creating resources in cloud environments.
Join us for a free one-hour Antisyphon Anti-cast, with instructor Andrew Krug, where he’ll explain best practices for CI/CD, detail common pitfalls, and get hands-on with GitHub Actions + Cloud Providers.
Andrew will cover common best practices for project layouts and discuss do’s and don’ts.
You'll leave with a firm understanding of how to federate identity with cloud providers in a safe way.
Chat with your fellow attendees in the Antisyphon Discord server, in the #🍿anticasts-chat channel.
Chapters
Securing Speed: Safeguarding CI/CD Pipelines for Robust Software Delivery
0:00 Introduction
4:02 Phases of DevSecOps
5:53 Today’s Principles
8:04 Secure the Code - Mission #1
11:48 Demo 1 - Secure the GitHub Org
12:08 Secure the Repos - Mission #2
13:30 Your code as code but with code…
15:25 It’s the climb
16:25 Red alert | Some permission schemes are confusing
17:54 Top Tag Strategy
19:05 Branch Protection
20:02 Unpopular Opinions on Admin Bypass
24:06 Demo 2 AI + Static Analysis
32:15 Secure the Artifacts
32:36 Software Bills of Materials
33:23 SPDX vs CycloneDX
36:46 Analyze Using SQL in the Cloud @ Scale
38:40 Secure the Cloud - Mission #4
43:11 Demo 3 GitHub Actions + Federated Access
48:12 Demo 4 ByO Environments
51:18 Parting Advice
52:21 Measures of Success
54:41 Surveys and Career Advice
55:41 Q&A