Fight Back Against Cyber Risk in the Software Supply Chain - Secure DevSecOps Pipeline for Regulated Environments

Explore strategies to combat cyber risks in the software supply chain through a secure and compliant DevSecOps pipeline designed for regulated environments. Learn from IBM experts Krishna Rajeesh Nallur Valiyaveettil and Brendan Kelly as they share their experience helping clients address security challenges using open-source tools. Discover best practices for secure software supply chains, including reliable automation with Everything as Code, early mitigation of security risks, standardization, and evidence gathering for audits. Gain insights into a specific solution based on the BIAN architectural framework for banking interoperability, demonstrating the application of Continuous Integration, Continuous Deployment, and Continuous Compliance using open-source tools like Tekton, Terraform, and SonarQube. Understand the importance of secure DevSecOps pipelines in regulated environments, particularly in the financial services sector, and learn how to implement these practices to reduce cyber threats and ensure safe deployment of regulated workloads.

Intro
Cyber Risk affecting SW Supply Chains
Supply Chain Risks
DevSecOps Pipeline Principles
Continuous Integration
Continuous Delivery/Deployment
Continuous Compliance
Case Study - BIAN
BIAN Pipeline Flow
Lessons Learned