Software development is under pressure to deliver faster and faster release cycles while keeping quality, budget and security acceptable. As movements like CI, CD and DevOps aim to cut down on release cycles, it's security's job to help control the risk. The risk landscape is complex, as modern development practices consume more and more third-party code. Traditional methods do not cut it anymore - it's time for DevSecOps.
This session gives an overview of how companies have implemented DevSecOps practices in their own delivery pipelines and how this can help increase developer awareness of the risks affecting them. We'll walk through an example CI/CD pipeline and explore how security has been embedded as part of it, how the movement is shaping up and how standards are starting to follow suit.
//
Adam Such (@AdamJWSuch) is a Solutions Architect for the DACH region at Sonatype. His background is in software development and product management, with a diverse range of software development experience, from IoT devices to enterprise IT monitoring. He has also been an Agile/Scrum Product Owner and uses this experience to help companies across the world understand and improve their software supply chain and continuous delivery pipelines.