YoVDO

Mistakes Made Integrating Security Scanning into CI/CD

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Software Development Courses Cybersecurity Courses DevOps Courses Configuration Management Courses CI/CD Pipelines Courses Vulnerability Management Courses

Course Description

Overview

Explore common pitfalls and lessons learned from integrating security scanning into CI/CD pipelines in this 26-minute conference talk from BSidesSF 2020. Discover how Atul Gaikwad and Moses Schwartz navigated a critical incident where their security scanner disrupted all build pipelines. Learn valuable principles, implementation strategies, and best practices for successful integration, including indirection, configuration management, and vulnerability whitelisting. Gain insights into effective logging techniques and the importance of Groovy scripting in the process. Benefit from their experience to avoid similar mistakes and improve your own security scanning implementation in continuous integration and delivery workflows.

Syllabus

Introduction
Story Time
Principles
Indirection
Implementation
Configuration
Groovy Glue
Adding a scanner
Logs
Vulnerability whitelisting
Summary
Questions


Taught by

Security BSides San Francisco

Related Courses

Cloud DevOps Engineer
Udacity DevOps CI/CD Pipeline: Automation from development to deployment
Universidad Anáhuac via edX DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX Docker - SWARM - Hands-on - DevOps
Udemy Docker and Kubernetes: The Complete Guide
Udemy