All Day DevOps 2020 - DevSecOps
Automated Governance - Building a Compliant by Default Environment
- DevSecOps implementation in an banking context
- Loved the “GitOps to the rescue” motto
- Slides
Embedding Security on your Terraform and Cloudformation code
- Got fond of @PicardTips :D
- “Infrastructure as code (IaC) presents a new risk and a new opportunity”
- Nice tools :
- Checkov : static code analysis tool for infrastructure-as-code
- TerraGoat : vulnerable Terraform Infrastructure spawned for learning and training purpose
- CfnGoat : same for CloudFormation
- Kubernetes-Goat : same for k8s
- DevSecOps utopia ? It’s a world where :
- Infrastructure is developed and secured in the same place
- Issues are automatically prevented from being deployed
- Security is a business enabler rather than a hindrance
- Slides
CI/CD Pipelines for DevSecOps with Hybrid Cloud
- Interesting overview of a 2020 state-of-the-art DevSecOps architecture/pipelines/tools
- Funny spaghetti diagrams !
- “Security touches everything”
- Slides
- Slides (light)
Back to All Day DevOps 2020 Recap