Kubecon 2020 NA Deck

Dan POP
November 20, 2020

Transcript

  1. Everything You Should Be Doing, But Aren’t: DevSecOps for K8s Workflows

    Dan Papandrea - Sysdig / POPCAST with Dan POP; Steven Terrana - Chief Engineer @ Booz Allen
  2. What is DevSecOps? Integrate security into every step of the Software Development Lifecycle

    Application Dependency Scanning; Static Code Analysis; Container Image Scanning; Continuous Compliance; Dynamic Application Security Testing; Accessibility Assurance; Secure Dependencies; Secure Code; Secure Artifacts; Secure Infrastructure; Secure Interfaces; Accessible Interfaces; Configuration Governance; Secure Configurations; Trusted Software Supply Chain; Runtime Security; Assess and Prevent
  3. How to build a pipeline

    Open your IDE; Automate running Unit Tests on PR; Automate every kind of quality and security test for every type of application across every team; lolz good luck
  4. Why is this so hard? Typically pipelines are built on a per-application basis, which makes life… difficult

    Time; Complexity; Standardization; Sustainment; Onboard teams one at a time; Duplicate and tweak each pipeline; copy/paste != governance; Good luck updating every Jenkinsfile in every branch of every repo