Adapting DevOps in a World of Growing Software Supply Chain Attacks • Adam Such • GOTO 202131:35 543 views 94% Published 2 months ago
This presentation was recorded at GOTO Copenhagen 2021. #GOTOcon #GOTOcph
Adam Such - Principal Solutions Architect for the Nordics region at Sonatype
Instinctively, we understand how critical this is, especially in a time of growing high profile attacks on software supply chains across the world - most recently Dependency Confusion, the Cloudflare and SolarWinds breach - embracing security as a development team has never been more important.
Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline - but instead aid it - preventing costly rebuilds and build failures, down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing [...]
02:12 What you will learn
03:00 Why is there a new wave of cybersecurity attacks?
06:34 Where do vulnerabilities enter your supply chain?
15:46 Namespace confusion
18:06 Malicious code injections
20:40 How to prevent future attacks?
22:30 8 Rules
Read the full abstract here:
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Forsgren, Humble & Kim • Accelerate: The Science of Lean Software and DevOps • https://amzn.to/3tCz1xO
John Arundel & Justin Domingus • Cloud Native DevOps with Kubernetes • https://amzn.to/3hKZvI5
Wynne, Hellesoy & Tooke • The Cucumber Book • https://amzn.to/3tEUINJ
Robert C. Myers • Essential Test-Driven Development • https://amzn.to/2Xc8ZWa
Roy Osherove • The Art of Unit Testing • https://bit.ly/3obiKNB
Eric Ries • The Lean Startup • https://amzn.to/396fOva
Ronnie Mitra & Irakli Nadareishvili • Microservices: Up and Running• https://amzn.to/3c4HmmL
#DevOps #FutureOfDevOps #Maven #npm #GoLang #NuGet #RubyGems #PyPl #CyberSecurity #Security #DevSecOps #Typosquatting #NamespaceConfusion #CodeInjectinos #MTTU
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.