Security Tooling in the DevOps Pipeline

In the quest to be first to market, DevOps has been a strategy of choice to improve agility in development teams. As these teams push code to production faster and faster, slow and manual security assessments need to be replaced with new ways for application security assessments. This presentation explains how to deal with security considerations with demos of tools and integrations in action.

This talk explores how we can use tooling and automation to include security early on and throughout a continuous integration/continuous delivery (CI/CD) pipeline. Scanning the platform for vulnerabilities and the code for third-party components with known vulnerabilities, using static code analysis and performing dynamic security testing are some of the strategies we will use to ensure that security can catch up and keep up with the speed of DevOps.

Video producer: https://ndcoslo.com/