DevSecOps: More Than Just Pipelines

Explore the comprehensive world of DevSecOps in this insightful conference talk from Conf42 DevSecOps 2023. Delve into the core concepts of DevOps, CI/CD, and application security before uncovering the true essence of DevSecOps. Learn about the three ways of DevOps and why pipelines are just one piece of the puzzle. Discover the key components of a robust application security program, including inventory management, bug detection, knowledge sharing, and developer education. Gain valuable insights on implementing a secure software development lifecycle, leveraging tools beyond the pipeline, and establishing effective incident response protocols. Examine the importance of metrics in DevSecOps and explore additional resources to further your understanding. Join the vibrant DevSecOps community and equip yourself with the knowledge to elevate your organization's security practices.

intro
preamble
what are we going to talk about today?
tanya janca
what is devops?
what is ci/cd?
why ci/cd?
what is application security?
what is devsecops?
the three ways of devops
but what about pipelines?
an application security program
inventory
finding bugs
knowledge
education
give developers security tools
secure-sdlc
tools outside the pipeline
incident response
metrics
summary
resources
join the community!!!!!!
resources: me!
thank you!