Deep Dive into DevSecOps

DevSecOps is a misnomer. Smashing Security in between Dev and Ops is the wrong way to think about optimizing your DevOps + Security pipeline. Many believe security is the blocker before getting their applications out to production. Owned by some distant, unapproachable team, security can seem like the new deep divide with a 'throw it over the wall' mentality. Instead, Security must be sprinkled throughout the DevOps cycle, taught from the beginning when developing best practices and automating compliant infrastructure, and owned by both DevOps and Security, working as a team. In this webinar, we will dive deep into a sample DevSecOps culture and pipeline and show precisely how Security is not the blocker some make them out to be but an enabler to a positive customer and internal experience. Using the GitLab Secure and Defend solution, we’ll highlight where and how the protections of SAST, DAST, vulnerability scanning, license management, compliance management, and more can be a part of your development process and not a blocker. Additionally, we’ll identify where both DevOps and Security teams can knowledge share in order to best aid each other toward a more efficient, and more secure, pipeline and product. We will focus on a fictional company, specific challenges they faced, and the things they did to address those challenges from Threat Modeling and Risk Classification, Security and DevOps Education, Automated Policy Enforcement, Secrets Management, Vulnerability Scanning, SAST and DAST, monitoring, and more. We'll step through the DevOps cycle and expose exactly where Security comes into play and how many of the steps/process/requirements can be automated to eliminate toil.