SlideShare a Scribd company logo

DevSecOps with Confidence

VMware Tanzu
VMware Tanzu

SpringOne 2020 Maria Gabriella Brodi: Sr. Solution Engineer, VMware; Prasanna Upperi: Senior Platform Architect, VMware

Software
1 of 21
Download to read offline
DEVSECOPS WITH CONFIDENCE Maria Gabriella Brodi @brodimg Prasanna Upperi @prasannaadn
AGENDA 2 Problem space Environment and Tools Demo Conclusion
DEVSECOPS: A PERSPECTIVE 4 Development Quality Assurance Operations SecurityDevSecOps
WHY SHOULD WE CAREABOUT DEVSECOPS? 5
WHAT DO WE GET FROM DEVSECOPS 6 Predictable Control over the environment Traceable Provides auditing Trusted Scanned and signed artifacts Consistent Avoids configuration drifts
Develop Test Build Scan Sign Deploy Monitor Validate ... REFERENCEPIPELINE Architect Unit Tests Code Coverage Code Scan Dependencies BoM Trusted Sources CVE Scan Configuration Sign Tag Publish Validatesignature ConfigurationCheck DeploymentStrategies Trusted Artifact
Develop Test Build Scan Sign Deploy Monitor Validate ... REFERENCEPIPELINE: SEEDING... Architect Unit Tests IntegrationTests Code Coverage Code Scan Dependencies BoM Trusted Sources CVE Scan Configuration Sign Tag Publish Validatesignature DeploymentStrategies ConfigurationCheck
STARTING ON A SOLID FOUNDATION: TOOLS AND PRACTICES Qualityand security cannot be injected: need to be embedded in the code. • TDD • OWASP Top 10 https://owasp.org/ • Spring Cloud Contract • Static Application Security Testing • Code analysis 9 Test
INTEGRATION TESTS WITH TESTCONTAINERS 10 Test
DOCKERFILES DONE WRONG Build
SECURITY OF CONTAINERS STARTS WITH A SECURE BASE IMAGE. 12 Control over the billing of material: •Source code •Dependent libraries •Base OS Reduce time to rebuild Reuse components Apply CVE Build
DOCKERFILES DONE RIGHT Build
15 • Based on CNBP • Best practices in each ecosystem • Base images for build and run • Constantly updated SECURITY OF CONTAINERS STARTS WITH A SECURE BASE IMAGE Build
IMAGE SCANNING AND SIGNING 17 • Role-Based Access Control (RBAC) • LDAP/AD Integration • Image Vulnerability Scanning (Clair) • Notary Image Signing • Policy-Based Image Replication • Graphical User Portal & RESTful API • Image Deletion & Garbage Collection • Auditing CLAIRE (scan) IMAGE REGISTRY NOTARY (sign) R E PL IC A TI O N Scan Sign
MESH SOLUTION FOR MULTI OR HYBRID CLOUD: SERVICE MESH 18 Tanzu Service Meshplatform addresses a multitude of connectivity and security use cases in hybrid cloud environments. Global Name Space extends traffic control, security and observability across clusters and IaaS Global control plane controls many data plane Istio deployments manages the lifecycle of Istio from onboarding to Day2 and Day3 operations. Security expandsworkloadstrusted identity across multiple clusters and clouds Deploy Monitor
ADDITIONAL TOOLS 19
DEMO o Push change to git o Automatic build o Automatic test Junit+testcontainers o Automatic image scanning + signing o New Version Rollout (Canary style) o Metrics collection o Automatic Promotion/Rollback 20
• CONCLUSIONS: SHIFT LEFT TO 21 Reduce Reduce risks Maintain Maintain developer speed Embed Embed compliance in the pipeline's stages Improve Improve Observability Avoid Avoid configuration drifts
NEXT STEPS FOR A COMPLETE COVERAGE Tools to manageat scale Cluster security SystemObservability
Special thanks: Madhav Sathe @madhav_sathe Kathy Wan @queenwan
THANK YOU!

Recommended

Observability Enhancements in Steeltoe
Observability Enhancements in Steeltoe Observability Enhancements in Steeltoe
Observability Enhancements in Steeltoe VMware Tanzu
 
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!VMware Tanzu
 
“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events
“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events
“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real EventsVMware Tanzu
 
Software Architecture: A Story About Business Value and Tradeoffs
Software Architecture: A Story About Business Value and TradeoffsSoftware Architecture: A Story About Business Value and Tradeoffs
Software Architecture: A Story About Business Value and TradeoffsVMware Tanzu
 
Handling Secrets in Your Cloud Native Architecture
Handling Secrets in Your Cloud Native ArchitectureHandling Secrets in Your Cloud Native Architecture
Handling Secrets in Your Cloud Native ArchitectureVMware Tanzu
 
IoT Scale Event-Stream Processing for Connected Fleet at Penske
IoT Scale Event-Stream Processing for Connected Fleet at PenskeIoT Scale Event-Stream Processing for Connected Fleet at Penske
IoT Scale Event-Stream Processing for Connected Fleet at PenskeVMware Tanzu
 
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...VMware Tanzu
 
From Monolith to K8s - Spring One 2020
From Monolith to K8s - Spring One 2020From Monolith to K8s - Spring One 2020
From Monolith to K8s - Spring One 2020Mauricio (Salaboy) Salatino
 

Recommended

Observability Enhancements in Steeltoe
Observability Enhancements in Steeltoe Observability Enhancements in Steeltoe
Observability Enhancements in Steeltoe VMware Tanzu
 
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!Crossing the Streams! Rollout Strategies to Keep Your Users Happy!
Crossing the Streams! Rollout Strategies to Keep Your Users Happy!VMware Tanzu
 
“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events
“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events
“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real EventsVMware Tanzu
 
Software Architecture: A Story About Business Value and Tradeoffs
Software Architecture: A Story About Business Value and TradeoffsSoftware Architecture: A Story About Business Value and Tradeoffs
Software Architecture: A Story About Business Value and TradeoffsVMware Tanzu
 
Handling Secrets in Your Cloud Native Architecture
Handling Secrets in Your Cloud Native ArchitectureHandling Secrets in Your Cloud Native Architecture
Handling Secrets in Your Cloud Native ArchitectureVMware Tanzu
 
IoT Scale Event-Stream Processing for Connected Fleet at Penske
IoT Scale Event-Stream Processing for Connected Fleet at PenskeIoT Scale Event-Stream Processing for Connected Fleet at Penske
IoT Scale Event-Stream Processing for Connected Fleet at PenskeVMware Tanzu
 
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...VMware Tanzu
 
From Monolith to K8s - Spring One 2020
From Monolith to K8s - Spring One 2020From Monolith to K8s - Spring One 2020
From Monolith to K8s - Spring One 2020Mauricio (Salaboy) Salatino
 
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKSMigrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKSWeaveworks
 
Spring: Your Next Java Micro-Framework
Spring: Your Next Java Micro-FrameworkSpring: Your Next Java Micro-Framework
Spring: Your Next Java Micro-FrameworkVMware Tanzu
 
DevOps KPIs as a Service: Daimler’s Solution
DevOps KPIs as a Service: Daimler’s SolutionDevOps KPIs as a Service: Daimler’s Solution
DevOps KPIs as a Service: Daimler’s SolutionVMware Tanzu
 
Deploying Spring Boot apps on Kubernetes
Deploying Spring Boot apps on KubernetesDeploying Spring Boot apps on Kubernetes
Deploying Spring Boot apps on KubernetesVMware Tanzu
 
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...VMware Tanzu
 
Continuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentContinuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentVMware Tanzu
 
Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
Connecting Spring Apps to Distributed SQL Clusters Running in KubernetesConnecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
Connecting Spring Apps to Distributed SQL Clusters Running in KubernetesVMware Tanzu
 
Spring Boot 2.2
Spring Boot 2.2 Spring Boot 2.2
Spring Boot 2.2VMware Tanzu
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
CDK - The next big thing - Quang Phuong
CDK - The next big thing - Quang PhuongCDK - The next big thing - Quang Phuong
CDK - The next big thing - Quang PhuongVietnam Open Infrastructure User Group
 
Spring Boot Observability
Spring Boot ObservabilitySpring Boot Observability
Spring Boot ObservabilityVMware Tanzu
 
Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Alexandre Roman
 
Kubestr browse2021.pptx
Kubestr browse2021.pptxKubestr browse2021.pptx
Kubestr browse2021.pptxLibbySchulze
 
Spring Boot Loves K8s
Spring Boot Loves K8sSpring Boot Loves K8s
Spring Boot Loves K8sVMware Tanzu
 
High-Precision GPS Positioning for Spring Developers
High-Precision GPS Positioning for Spring DevelopersHigh-Precision GPS Positioning for Spring Developers
High-Precision GPS Positioning for Spring DevelopersVMware Tanzu
 
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵 클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵 VMware Tanzu Korea
 
Resilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudResilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudVMware Tanzu
 
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CISecure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CIMitchell Pronschinske
 
Developers Are Users, Too
Developers Are Users, TooDevelopers Are Users, Too
Developers Are Users, TooVMware Tanzu
 
Spring Boot Whirlwind Tour
Spring Boot Whirlwind TourSpring Boot Whirlwind Tour
Spring Boot Whirlwind TourVMware Tanzu
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementSergii Kryshtop
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Secview
 

More Related Content

What's hot

Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKSMigrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKSWeaveworks
 
Spring: Your Next Java Micro-Framework
Spring: Your Next Java Micro-FrameworkSpring: Your Next Java Micro-Framework
Spring: Your Next Java Micro-FrameworkVMware Tanzu
 
DevOps KPIs as a Service: Daimler’s Solution
DevOps KPIs as a Service: Daimler’s SolutionDevOps KPIs as a Service: Daimler’s Solution
DevOps KPIs as a Service: Daimler’s SolutionVMware Tanzu
 
Deploying Spring Boot apps on Kubernetes
Deploying Spring Boot apps on KubernetesDeploying Spring Boot apps on Kubernetes
Deploying Spring Boot apps on KubernetesVMware Tanzu
 
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...VMware Tanzu
 
Continuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentContinuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentVMware Tanzu
 
Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
Connecting Spring Apps to Distributed SQL Clusters Running in KubernetesConnecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
Connecting Spring Apps to Distributed SQL Clusters Running in KubernetesVMware Tanzu
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging LibbySchulze
 
Spring Boot Observability
Spring Boot ObservabilitySpring Boot Observability
Spring Boot ObservabilityVMware Tanzu
 
Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Alexandre Roman
 
Kubestr browse2021.pptx
Kubestr browse2021.pptxKubestr browse2021.pptx
Kubestr browse2021.pptxLibbySchulze
 
Spring Boot Loves K8s
Spring Boot Loves K8sSpring Boot Loves K8s
Spring Boot Loves K8sVMware Tanzu
 
High-Precision GPS Positioning for Spring Developers
High-Precision GPS Positioning for Spring DevelopersHigh-Precision GPS Positioning for Spring Developers
High-Precision GPS Positioning for Spring DevelopersVMware Tanzu
 
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵 클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵 VMware Tanzu Korea
 
Resilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudResilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudVMware Tanzu
 
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CISecure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CIMitchell Pronschinske
 
Developers Are Users, Too
Developers Are Users, TooDevelopers Are Users, Too
Developers Are Users, TooVMware Tanzu
 
Spring Boot Whirlwind Tour
Spring Boot Whirlwind TourSpring Boot Whirlwind Tour
Spring Boot Whirlwind TourVMware Tanzu
 

What's hot (20)

Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKSMigrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS
 
Spring: Your Next Java Micro-Framework
Spring: Your Next Java Micro-FrameworkSpring: Your Next Java Micro-Framework
Spring: Your Next Java Micro-Framework
 
DevOps KPIs as a Service: Daimler’s Solution
DevOps KPIs as a Service: Daimler’s SolutionDevOps KPIs as a Service: Daimler’s Solution
DevOps KPIs as a Service: Daimler’s Solution
 
Deploying Spring Boot apps on Kubernetes
Deploying Spring Boot apps on KubernetesDeploying Spring Boot apps on Kubernetes
Deploying Spring Boot apps on Kubernetes
 
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
Crafting a New Enterprise App Platform with Cloud Foundry, Kubernetes, Istio,...
 
Continuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform EnvironmentContinuous Everything in a Multi-cloud and Multi-platform Environment
Continuous Everything in a Multi-cloud and Multi-platform Environment
 
Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
Connecting Spring Apps to Distributed SQL Clusters Running in KubernetesConnecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes
 
Spring Boot 2.2
Spring Boot 2.2 Spring Boot 2.2
Spring Boot 2.2
 
Redefining cloud native debugging
Redefining cloud native debugging Redefining cloud native debugging
Redefining cloud native debugging
 
CDK - The next big thing - Quang Phuong
CDK - The next big thing - Quang PhuongCDK - The next big thing - Quang Phuong
CDK - The next big thing - Quang Phuong
 
Spring Boot Observability
Spring Boot ObservabilitySpring Boot Observability
Spring Boot Observability
 
Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)Cloud-native Patterns (July 4th, 2019)
Cloud-native Patterns (July 4th, 2019)
 
Kubestr browse2021.pptx
Kubestr browse2021.pptxKubestr browse2021.pptx
Kubestr browse2021.pptx
 
Spring Boot Loves K8s
Spring Boot Loves K8sSpring Boot Loves K8s
Spring Boot Loves K8s
 
High-Precision GPS Positioning for Spring Developers
High-Precision GPS Positioning for Spring DevelopersHigh-Precision GPS Positioning for Spring Developers
High-Precision GPS Positioning for Spring Developers
 
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵 클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
클라우드 네이티브 플랫폼의 미래 - Kubernetes 기반의 PCF 로드맵
 
Resilient Microservices with Spring Cloud
Resilient Microservices with Spring CloudResilient Microservices with Spring Cloud
Resilient Microservices with Spring Cloud
 
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CISecure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
Secure Infrastructure Provisioning with Terraform Cloud, Vault + GitLab CI
 
Developers Are Users, Too
Developers Are Users, TooDevelopers Are Users, Too
Developers Are Users, Too
 
Spring Boot Whirlwind Tour
Spring Boot Whirlwind TourSpring Boot Whirlwind Tour
Spring Boot Whirlwind Tour
 

Similar to DevSecOps with Confidence

AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementSergii Kryshtop
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Secview
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrewLibbySchulze
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOpsDaniel Oh
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 
Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Sourceaspyker
 
Modernizing Testing as Apps Re-Architect
Modernizing Testing as Apps Re-ArchitectModernizing Testing as Apps Re-Architect
Modernizing Testing as Apps Re-ArchitectDevOps.com
 
Safeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainSafeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainGiovanni Galloro
 
DevOps Powered by Splunk
DevOps Powered by SplunkDevOps Powered by Splunk
DevOps Powered by SplunkSplunk
 
Let's banish "it works on my machine"
Let's banish "it works on my machine"Let's banish "it works on my machine"
Let's banish "it works on my machine"Stephanie Locke
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Erkang Zheng
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxVasiliy Fomichev
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or lessMohammed A. Imran
 
8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the box8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the boxKangaroot
 
Point of View to Accelerate with dev ops
Point of View to Accelerate with dev opsPoint of View to Accelerate with dev ops
Point of View to Accelerate with dev opsSanjay B. Bhakta
 
Don't Deploy Into the Dark: DORA Metrics for your K8s GitOps Deployments
Don't Deploy Into the Dark: DORA Metrics for your K8s GitOps DeploymentsDon't Deploy Into the Dark: DORA Metrics for your K8s GitOps Deployments
Don't Deploy Into the Dark: DORA Metrics for your K8s GitOps DeploymentsAndreas Grabner
 

Similar to DevSecOps with Confidence (20)

AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release Management
 
Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試Modern Web 2019 從零開始加入自動化資安測試
Modern Web 2019 從零開始加入自動化資安測試
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
 
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
[muCon2017]DevSecOps: How to Continuously Integrate Security into DevOps
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
Netflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open SourceNetflix Cloud Architecture and Open Source
Netflix Cloud Architecture and Open Source
 
Modernizing Testing as Apps Re-Architect
Modernizing Testing as Apps Re-ArchitectModernizing Testing as Apps Re-Architect
Modernizing Testing as Apps Re-Architect
 
Safeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply ChainSafeguarding artifact integrity in your Software Supply Chain
Safeguarding artifact integrity in your Software Supply Chain
 
DevOps Powered by Splunk
DevOps Powered by SplunkDevOps Powered by Splunk
DevOps Powered by Splunk
 
Let's banish "it works on my machine"
Let's banish "it works on my machine"Let's banish "it works on my machine"
Let's banish "it works on my machine"
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
 
8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the box8 - OpenShift - A look at a container platform: what's in the box
8 - OpenShift - A look at a container platform: what's in the box
 
Point of View to Accelerate with dev ops
Point of View to Accelerate with dev opsPoint of View to Accelerate with dev ops
Point of View to Accelerate with dev ops
 
Don't Deploy Into the Dark: DORA Metrics for your K8s GitOps Deployments
Don't Deploy Into the Dark: DORA Metrics for your K8s GitOps DeploymentsDon't Deploy Into the Dark: DORA Metrics for your K8s GitOps Deployments
Don't Deploy Into the Dark: DORA Metrics for your K8s GitOps Deployments
 

More from VMware Tanzu

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItVMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023VMware Tanzu
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleVMware Tanzu
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023VMware Tanzu
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductVMware Tanzu
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready AppsVMware Tanzu
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023VMware Tanzu
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptxVMware Tanzu
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchVMware Tanzu
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishVMware Tanzu
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVMware Tanzu
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - FrenchVMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootVMware Tanzu
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerVMware Tanzu
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeVMware Tanzu
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsVMware Tanzu
 

More from VMware Tanzu (20)

What AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About ItWhat AI Means For Your Product Strategy And What To Do About It
What AI Means For Your Product Strategy And What To Do About It
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023Make the Right Thing the Obvious Thing at Cardinal Health 2023
Make the Right Thing the Obvious Thing at Cardinal Health 2023
 
Enhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at ScaleEnhancing DevEx and Simplifying Operations at Scale
Enhancing DevEx and Simplifying Operations at Scale
 
Spring Update | July 2023
Spring Update | July 2023Spring Update | July 2023
Spring Update | July 2023
 
Platforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a ProductPlatforms, Platform Engineering, & Platform as a Product
Platforms, Platform Engineering, & Platform as a Product
 
Building Cloud Ready Apps
Building Cloud Ready AppsBuilding Cloud Ready Apps
Building Cloud Ready Apps
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And Beyond
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdfSpring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
 
tanzu_developer_connect.pptx
tanzu_developer_connect.pptxtanzu_developer_connect.pptx
tanzu_developer_connect.pptx
 
Tanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - FrenchTanzu Virtual Developer Connect Workshop - French
Tanzu Virtual Developer Connect Workshop - French
 
Tanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - EnglishTanzu Developer Connect Workshop - English
Tanzu Developer Connect Workshop - English
 
Virtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - EnglishVirtual Developer Connect Workshop - English
Virtual Developer Connect Workshop - English
 
Tanzu Developer Connect - French
Tanzu Developer Connect - FrenchTanzu Developer Connect - French
Tanzu Developer Connect - French
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software Engineer
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs PracticeSpringOne Tour: Domain-Driven Design: Theory vs Practice
SpringOne Tour: Domain-Driven Design: Theory vs Practice
 
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense SolutionsSpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
SpringOne Tour: Spring Recipes: A Collection of Common-Sense Solutions
 

Recently uploaded

Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 

Recently uploaded (20)

Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 

DevSecOps with Confidence

  • 1. DEVSECOPS WITH CONFIDENCE Maria Gabriella Brodi @brodimg Prasanna Upperi @prasannaadn
  • 3. DEVSECOPS: A PERSPECTIVE 4 Development Quality Assurance Operations SecurityDevSecOps
  • 4. WHY SHOULD WE CAREABOUT DEVSECOPS? 5
  • 5. WHAT DO WE GET FROM DEVSECOPS 6 Predictable Control over the environment Traceable Provides auditing Trusted Scanned and signed artifacts Consistent Avoids configuration drifts
  • 6. Develop Test Build Scan Sign Deploy Monitor Validate ... REFERENCEPIPELINE Architect Unit Tests Code Coverage Code Scan Dependencies BoM Trusted Sources CVE Scan Configuration Sign Tag Publish Validatesignature ConfigurationCheck DeploymentStrategies Trusted Artifact
  • 7. Develop Test Build Scan Sign Deploy Monitor Validate ... REFERENCEPIPELINE: SEEDING... Architect Unit Tests IntegrationTests Code Coverage Code Scan Dependencies BoM Trusted Sources CVE Scan Configuration Sign Tag Publish Validatesignature DeploymentStrategies ConfigurationCheck
  • 8. STARTING ON A SOLID FOUNDATION: TOOLS AND PRACTICES Qualityand security cannot be injected: need to be embedded in the code. • TDD • OWASP Top 10 https://owasp.org/ • Spring Cloud Contract • Static Application Security Testing • Code analysis 9 Test
  • 9. INTEGRATION TESTS WITH TESTCONTAINERS 10 Test
  • 11. SECURITY OF CONTAINERS STARTS WITH A SECURE BASE IMAGE. 12 Control over the billing of material: •Source code •Dependent libraries •Base OS Reduce time to rebuild Reuse components Apply CVE Build
  • 13. 15 • Based on CNBP • Best practices in each ecosystem • Base images for build and run • Constantly updated SECURITY OF CONTAINERS STARTS WITH A SECURE BASE IMAGE Build
  • 14. IMAGE SCANNING AND SIGNING 17 • Role-Based Access Control (RBAC) • LDAP/AD Integration • Image Vulnerability Scanning (Clair) • Notary Image Signing • Policy-Based Image Replication • Graphical User Portal & RESTful API • Image Deletion & Garbage Collection • Auditing CLAIRE (scan) IMAGE REGISTRY NOTARY (sign) R E PL IC A TI O N Scan Sign
  • 15. MESH SOLUTION FOR MULTI OR HYBRID CLOUD: SERVICE MESH 18 Tanzu Service Meshplatform addresses a multitude of connectivity and security use cases in hybrid cloud environments. Global Name Space extends traffic control, security and observability across clusters and IaaS Global control plane controls many data plane Istio deployments manages the lifecycle of Istio from onboarding to Day2 and Day3 operations. Security expandsworkloadstrusted identity across multiple clusters and clouds Deploy Monitor
  • 17. DEMO o Push change to git o Automatic build o Automatic test Junit+testcontainers o Automatic image scanning + signing o New Version Rollout (Canary style) o Metrics collection o Automatic Promotion/Rollback 20
  • 18. • CONCLUSIONS: SHIFT LEFT TO 21 Reduce Reduce risks Maintain Maintain developer speed Embed Embed compliance in the pipeline's stages Improve Improve Observability Avoid Avoid configuration drifts
  • 19. NEXT STEPS FOR A COMPLETE COVERAGE Tools to manageat scale Cluster security SystemObservability
  • 20. Special thanks: Madhav Sathe @madhav_sathe Kathy Wan @queenwan