Best practices for securing CI/CD pipelines, or how to get security right
DevOps practices are in place, containers are everywhere, pipelines are flying. We do Agile. We do DevOps. Now we should also focus on following security practices to protect the deployed resources. This is why DevSecOps is no longer hype and is gaining more prominence.
There is a lot of information about DevSecOps, but how do you do it properly? Where do you start? What are the best practices?
In this session, we will walk through an end-to-end scenario where we will deploy infrastructure components and solutions securely to the cloud. We will build a pipeline with security in mind to protect against and detect potential security flaws during the build. We will focus on the main principles that you can apply to the most popular and widely used solutions and tools.
You will learn essential concepts:
- how to build an end-to-end CI/CD pipeline that builds the application and deploys infrastructure with security checks for the application, containers, and infrastructure;
- what security tools are available for CI/CD pipelines and the best way to implement them into different Git workflows;
- best practices and patterns of building security pipelines.
Victoria Almazova: Security girl at Microsoft Norway with more than 14 years of experience in security. She spends all her time working closely with developers and architects to build security in from the design level. She is a big supporter of making security a culture and shifting security to the left. Victoria believes that empowering developers and architects in security tasks through education will raise the security level without adding workload.
In her free time, she dives deep into cloud security, development, and identity and access management.