OMH International 2021: DevSecOps, for your modern cloud architecture - Nithin Jois

Organizations are rapidly moving towards microservice-style architectures for their applications. Managing comprehensive security for continuous delivery of such applications across organizations remains a serious bottleneck in the DevOps movement, and implementing effective security practices within delivery pipelines can be challenging. The talk begins with a view of Continuous Application Security, through Application Security Automation with SAST, DAST and SCA, and focuses on real-world tools and techniques to automate application security tooling in CI/CD pipelines. Traditionally, teams have used CI services like Jenkins to continuously deliver applications. However, there are issues with running CI services like Jenkins on VPCs, mainly the maintenance overhead and a poor fit for container-native workloads and cloud-native deployments. This talk aims to showcase innovative approaches to running DevSecOps pipelines with cloud-native and container-native approaches by leveraging services like AWS Fargate, Lambda and Step Functions for security orchestration and security workflows. The idea behind this approach is to run CI on ephemeral compute rather than persistent services, thereby reducing the overhead, and to use state machines to run more complex security workflows, especially in microservice workloads.
