Inserting Security into DevOps Pipelines the Fast Way

DevOps is all about speed and automation. However, AppSec is inherently manual and slow. Hence, the movement to make security an integrated part of the CI/CD pipeline has often been in conflict. In this webinar, we will focus on vulnerability and threat management tools such as:

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Software Composition Analysis (SCA)
  • Security Information & Event Management (SIEM)
  • Runtime Application Self Protection (RASP)

and how they all integrate to provide value at each stage of a DevOps workflow. In order to achieve a truly automated DevSecOps pipeline the key is making these tools work together. A DevSecOps pipeline should automate continuous improvement between development and production environments. This webinar will conclude with a model of how-to use source code analysis in development for the purpose of creating a security profile that protects the application in production. Furthermore, it will discuss how analytics from production can be used to inform security improvement in development, thus, completing and automating a continuous security loop.

Presenters of the Webinar

Chetan Conikee
Chetan Conikee
CTO & Co-Founder | ShiftLeft
Etan Lightstone
Etan Lightstone
VP of Product Design