Dr. DevSecOps: Or How I stopped worrying about CI and started loving the cloud - Abhay Bhargav скачать в хорошем качестве

Dr. DevSecOps: Or How I stopped worrying about CI and started loving the cloud - Abhay Bhargav

https://appseccalifornia.org/ Continuous Integration (CI) and Continuous Deployment (CD) is at the heart of DevOps, and by extension, DevSecOps. Traditionally teams have used traditional CI services like Jenkins and Bamboo to continuously deliver applications. However, there are significant issues with running traditional, on-prem CI services like Jenkins, namely: Not suited for Cloud-Native Deployments Maintenance Overhead - On-Prem CI is hard to maintain and even harder to secure (vulnerable plugins) Unsuited for Container-Native workloads - Traditional CI tools are hard to orchestrate for containers. This talk aims to showcase some innovative approaches to running DevSecOps pipelines with Cloud and Container Native approaches, including but not limited to: Leveraging services like AWS Fargate, Lambda and Step Functions for Security Orchestration and Security Workflows Leveraging JenkinsX for Security Orchestration in Kubernetes The idea behind these approaches is to: Leverage ephemeral compute technologies to run CI services as opposed to persistent services, reducing overhead Leveraging State Machines to run more complex security workflows, especially in Micro-service workloads Running asynchronous security pipelines with feedback loops Leveraging query systems like AWS Athena to be able to achieve aggregation (and dare I say correlation) Abhay Bhargav Founder, we45 Abhay Bhargav is the Founder of we45, a focused Application Security Company. Abhay is a builder and breaker of applications. He is the Chief Architect of “Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework.