YoVDO

Mistakes Made Integrating Security Scanning into CI/CD

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Software Development Courses Cybersecurity Courses DevOps Courses Configuration Management Courses CI/CD Pipelines Courses Vulnerability Management Courses

Course Description

Overview

Explore common pitfalls and lessons learned from integrating security scanning into CI/CD pipelines in this 26-minute conference talk from BSidesSF 2020. Discover how Atul Gaikwad and Moses Schwartz navigated a critical incident where their security scanner disrupted all build pipelines. Learn valuable principles, implementation strategies, and best practices for successful integration, including indirection, configuration management, and vulnerability whitelisting. Gain insights into effective logging techniques and the importance of Groovy scripting in the process. Benefit from their experience to avoid similar mistakes and improve your own security scanning implementation in continuous integration and delivery workflows.

Syllabus

Introduction
Story Time
Principles
Indirection
Implementation
Configuration
Groovy Glue
Adding a scanner
Logs
Vulnerability whitelisting
Summary
Questions


Taught by

Security BSides San Francisco

Related Courses

Software as a Service
University of California, Berkeley via Coursera Software Testing
University of Utah via Udacity The Hardware/Software Interface
University of Washington via Coursera Software Debugging
Saarland University via Udacity Introduction to Systematic Program Design - Part 1
The University of British Columbia via Coursera