Developers love CI/CD: The Sec and Ops sequel

Continuous Integration and Delivery/Deployment helps speed up development and review workflows. Developers now can focus on code reliably tested in different environments. Once in a while the operations team gets paged on broken pipelines and jobs being stuck. Then the security audit has unveiled plain text secret exposure and dependency exploits.

The next horror story: The software cannot be deployed anymore since package dependencies are broken in a new distribution.

In this talk we take a different look and hear stories on making CI/CD pipelines more secure. Automated deployments and package/container repositories will also help to avoid redundant cycles and extra work hours.

In addition to that monitoring/observability combined with automation ensures to sleep in busy on-call times. No matter where you see yourself – in Dev, Sec or Ops.

Michael is a Developer Evangelist with 15+ years experience in ops and infrastructure management. He also is passionate about open source development (C++, C#, Go) and enjoys talking about CI/CD, monitoring/observability and security at events and meetups. Currently Michael is working at GitLab. When he is not engaging on social media, Michael enjoys building LEGO models.

This post is also available in: German