All Day DevOps 2020 - DevSecOps

Automated Governance - Building a Compliant by Default Environment

• DevSecOps implementation in an banking context
• Loved the “GitOps to the rescue” motto
• Slides

Embedding Security on your Terraform and Cloudformation code

• Got fond of @PicardTips :D
• “Infrastructure as code (IaC) presents a new risk and a new opportunity”
• Nice tools :
  • Checkov : static code analysis tool for infrastructure-as-code
  • TerraGoat : vulnerable Terraform Infrastructure spawned for learning and training purpose
  • CfnGoat : same for CloudFormation
  • Kubernetes-Goat : same for k8s
• DevSecOps utopia ? It’s a world where :
  • Infrastructure is developed and secured in the same place
  • Issues are automatically prevented from being deployed
  • Security is a business enabler rather than a hindrance
• Slides

CI/CD Pipelines for DevSecOps with Hybrid Cloud

• Interesting overview of a 2020 state-of-the-art DevSecOps architecture/pipelines/tools
• Funny spaghetti diagrams !
• “Security touches everything”
• Slides
• Slides (light)

Back to All Day DevOps 2020 Recap