Security Tooling in Your DevOps Pipeline

Explore strategies for integrating security tooling and automation into DevOps pipelines in this 39-minute conference talk by Nancy Gariché. Learn how to implement security assessments early and throughout the CI/CD process, replacing slow manual methods with efficient automated solutions. Discover techniques for scanning platforms and code for vulnerabilities, performing static and dynamic security testing, and analyzing third-party components. Gain insights into shifting security left, gatekeeper approaches, and the differences between Waterfall and Agile methodologies. Delve into OWASP guidelines, secret detection, container security, and infrastructure considerations. Acquire valuable resources to enhance your DevOps security practices and keep pace with rapid development cycles.

Intro
Security
Shifting Left
Gatekeeping
Waterfall vs Agile
Security Tooling
OASP
Static Application Security
Dynamic Application Security
Software Composition Analysis
Secret Detection
Containers
Infrastructure
Resources