Security as Code: A DevSecOps Approach
You've found a Premium Feature!
Certain videos, events and workspaces require a Premium Membership. Become a Skills Matter Premium Member today to access exclusive benefits including free tickets to online conferences, Members-only events and discounts on training.
Unlock this VideoSecurity as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.
In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.
YOU MAY ALSO LIKE:
Thank you to our sponsors and partners
Platinum
Gold
Silver
Bronze
Security as Code: A DevSecOps Approach
Nancy Gariché
Nancy Gariché is a Senior Developer Advocate for GitHub Security Lab, where she helps build bridges between developers and security professionals to protect the open-source ecosystem.