Protecting the Build Pipeline through DevSecOps
As a developer or tester, security may not be at the forefront of your mind. Security typically only becomes a priority when the dedicated security team gets involved. However, there are tools and techniques you can learn now to give you the arsenal to prepare for security team demands.
Join Yesenia Yser as she shows you how you can defend your build pipeline using open source tools and freely available features in Github. Yesenia will walk you through basic to advanced security tooling to prevent the security team from impacting your project plans.
By the end of the session, participants will be able to:
- Describe best practices for gating your build to prevent critical security findings from being released.
- Tighten access controls and handle Github security advisories.
- Enable GPG signing on commits for maintaining the integrity of a patch.
- Implement code scanning, secret scanning and Dependabot.
- Perform commit and tag signing, and use sigstore to sign releases and get them verified.
Yesenia Yser, Red Hat
Yesenia is an invited speaker for PNSQC 2022. Read more about her presentation and bio here.