CI/CD: Continuously protect pipelines and reduce risks (GER)
CI/CD pipelines are a perennial target in software supply chain attacks. The Log4Shell vulnerability in Log4j also showed clearly that substantial risk remains once software is in operation, and that an up-to-date software catalog (knowing which components and versions are in use, and where) is essential. Continuous monitoring and recording of the pipeline definitions, of the artifacts a pipeline loads and produces (dependencies, scripts, applications, containers) and of the path those artifacts take is therefore extremely important. Ideally this information is kept both searchable and tamper-proof. This talk shows how that can be achieved with open source and commercial solutions.
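The following is an added illustration, not code from the talk or from Codenotary: a minimal form of the searchable, tamper-evident record of pipeline artifacts that the abstract describes. Every artifact a pipeline run loads or produces is recorded with its SHA-256 and chained to the previous record, so a later edit of any earlier entry breaks verification, and the records can be queried to answer the Log4Shell-style question "which builds used this dependency?". The pipeline run names, file names and artifact bytes are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # back-link of the very first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Entry:
    index: int
    pipeline: str        # pipeline run the artifact belongs to (constructed names)
    kind: str            # "recipe", "dependency", "script", "container", ...
    name: str
    artifact_sha256: str  # digest of the artifact itself
    prev_hash: str        # entry_hash of the preceding record (the chain)
    entry_hash: str = ""

    def compute_hash(self) -> str:
        # Canonical serialisation of every field except entry_hash itself.
        body = json.dumps(
            [self.index, self.pipeline, self.kind, self.name,
             self.artifact_sha256, self.prev_hash],
            separators=(",", ":"),
        ).encode()
        return sha256_hex(body)


class ArtifactLedger:
    """Append-only, hash-chained record of what pipeline runs loaded and produced."""

    def __init__(self) -> None:
        self.entries: list[Entry] = []

    def record(self, pipeline: str, kind: str, name: str, content: bytes) -> Entry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        e = Entry(len(self.entries), pipeline, kind, name, sha256_hex(content), prev)
        e.entry_hash = e.compute_hash()
        self.entries.append(e)
        return e

    def verify(self) -> bool:
        """Recompute every hash and back-link; False if any record was altered."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.index != i or e.prev_hash != prev or e.compute_hash() != e.entry_hash:
                return False
            prev = e.entry_hash
        return True

    def find_by_artifact(self, artifact_sha256: str) -> list[Entry]:
        """Search: in which runs did this exact artifact (by digest) appear?"""
        return [e for e in self.entries if e.artifact_sha256 == artifact_sha256]

    def find_by_name(self, fragment: str) -> list[Entry]:
        """Search: which records mention this component name?"""
        return [e for e in self.entries if fragment in e.name]


def build_sample_ledger() -> ArtifactLedger:
    """Two constructed pipeline runs; the bytes stand in for real artifacts."""
    jar = b"<constructed jar bytes, log4j-core 2.14.1>"
    ledger = ArtifactLedger()
    ledger.record("build-42", "recipe", ".gitlab-ci.yml", b"stages: [build, test]\n")
    ledger.record("build-42", "dependency", "log4j-core-2.14.1.jar", jar)
    ledger.record("build-42", "script", "build.sh", b"#!/bin/sh\nmvn package\n")
    ledger.record("build-42", "container", "registry.example/app:42", b"<image manifest 42>")
    ledger.record("build-43", "dependency", "log4j-core-2.14.1.jar", jar)  # same artifact reused
    ledger.record("build-43", "container", "registry.example/app:43", b"<image manifest 43>")
    return ledger


def runs_using_dependency(ledger: ArtifactLedger, fragment: str) -> list[str]:
    """The software-catalog question: which pipeline runs pulled in this component?"""
    return sorted({e.pipeline for e in ledger.find_by_name(fragment)})


def tamper_demo() -> tuple[bool, bool]:
    """(verified before, verified after) a silent rewrite of an older record."""
    ledger = build_sample_ledger()
    before = ledger.verify()
    # Someone edits the stored digest to hide which jar was really loaded.
    ledger.entries[1].artifact_sha256 = sha256_hex(b"<constructed jar bytes, log4j-core 2.17.1>")
    after = ledger.verify()
    return before, after


if __name__ == "__main__":
    led = build_sample_ledger()
    print("chain valid:", led.verify())
    print("runs with log4j-core:", runs_using_dependency(led, "log4j-core"))
    print("before/after tampering:", tamper_demo())
```

The chain makes a modified record detectable, but only relative to a trusted head: an attacker who can rewrite the whole log can recompute every hash after the edit. In practice the latest `entry_hash` therefore has to be anchored where the pipeline cannot reach it (published, signed, or stored in a separate append-only system), which is the gap that dedicated tamper-proof stores are meant to close.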
Dennis Zimmer is CTO and co-founder of the open source company Codenotary. His focus is on DevSecOps and software supply chain security. He is an expert in virtualization, containerization and software development processes and has been a VMware vExpert since 2009. Dennis Zimmer is also an expert in the cryptographic protection of data and processes. He has been an author of books and magazine articles since 2006.