Developers love CI/CD: The Sec and Ops sequel
Continuous Integration and Delivery/Deployment helps speed up development and review workflows. Developers can now focus on code that is reliably tested in different environments. Once in a while the operations team gets paged about broken pipelines and stuck jobs. Then a security audit unveils plain-text secret exposure and dependency exploits.
The next horror story: The software cannot be deployed anymore since package dependencies are broken in a new distribution.
In this talk we take a different look and hear stories on making CI/CD pipelines more secure. Automated deployments and package/container repositories will also help to avoid redundant cycles and extra work hours.
In addition, monitoring/observability combined with automation lets you sleep during busy on-call times. No matter where you see yourself – in Dev, Sec or Ops.
Michael is a Developer Evangelist with 15+ years of experience in ops and infrastructure management. He is also passionate about open source development (C++, C#, Go) and enjoys talking about CI/CD, monitoring/observability and security at events and meetups. Currently Michael is working at GitLab. When he is not engaging on social media, Michael enjoys building LEGO models.