DevOpsDays Baltimore 2018 - Ignite: A Definition of Done for DevSecOps by Gene Gotimer

Channel:
United States Confreaks
Subscribers:
42,400
Published on ● Video Link: https://www.youtube.com/watch?v=cEc_Wf8Lyh4


Duration: 5:50
189 views
0

Ignite: A Definition of Done for DevSecOps by Gene Gotimer

DevOps cannot be achieved without considering many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security was being focused on as part of the pipeline, not a second-class citizen.

Fortunately, DevOps and continuous delivery practices give us opportunities to add different types of security testing to our pipeline so that security can be part of our definition of done. Continuous integration can invoke static analysis tools to test for simple security errors and check if components with known vulnerabilities are being used. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression test suites can be used to drive traffic through proxies for security analysis. From the code to the systems where the software is being deployed, the process can make sure that security best practices are followed and insecure software is not being produced.

Gene will talk about how to construct a definition of done that focuses on security along with other types of quality in a DevOps pipeline. He will discuss how to define security practices and criteria that are appropriate for our teams and our projects to be confident that we are doing DevSecOps, and how those practices and criteria might mature over time.



Other Videos By Confreaks


2018-04-12DevOpsDays Baltimore 2018 - Comparative studies in highways, organizations,... by Amanjeev Sethi
2018-04-12DevOpsDays Baltimore 2018 - Ignite: 9 biases in tech by Leon Fayer
2018-04-12DevOpsDelays Baltimore 2018 - A Retrospective in Incident Management with Nathen Harvey
2018-04-12DevOpsDays Balitmore 2018 - Disaster Resilience the Waffle House Way: ... by Heidi Waterhouse
2018-04-12DevOpsDays Baltimore 2018 - Ignite Karaoke
2018-04-12DevOpsDays Baltimore 2018 - Close Cutting-edge DevOps at National Center for ... by Kamen Todorov
2018-04-12DevOpsDays Baltimore 2018 - Production Testing Through Monitoring by Robert Treat
2018-04-11DevOpsDays Baltimore 2018 - Ignite: Elegant Weapons for a More Civilized Age by Karl Davis
2018-04-11DevOpsDays Baltimore 2018 - Ignite: Weekender’s Guide to On Call by Marissa Murphy
2018-04-11DevOpsDays Baltimore 2018 - Ignite: How to Run a Killer Summer Internship Program for ...
2018-04-11DevOpsDays Baltimore 2018 - Ignite: A Definition of Done for DevSecOps by Gene Gotimer
2018-04-11DevOpsDays Baltimore 2018 - Ignite - Avoiding Pitfalls of Non-Technical Managers by Victoria Guido
2018-04-11DevOpsDays Baltimore 2018 - Don’t Believe the Hype: How We Navigated ...
2018-04-11DevOpsDays Baltimore 2018 - Black Mirror Season 5: DevOps by Brendan O'Leary
2018-04-11DevOpsDays Baltimore 2018 - Integrating Infrastructure as Code into a Continuous Delivery Pipeline
2018-04-11DevOpsDays Baltimore 2018 - Reanimating DevOps to build things that work by Theo Schlossnagle
2018-03-14ElixirDaze 2018 - Don’t let it crash: safe and convenient error handling... by Brooklyn Zelenka
2018-03-14ElixirDaze 2018 - Become a Test Whisperer: what are your tests are telling you? by Jeffrey Matthias
2018-03-14ElixirDaze 2018 - Building beautiful systems with Phoenix contexts... by Andrew Hao
2018-03-14ElixirDaze 2018 - Purify your web development with Raxx by Peter Saxton
2018-03-14ElixirDaze 2018 - Build your very own web framework in Elixir by German Velasco


Tags:
Education
DevOpsDays
DevOps
Tech