Video from DDD:

Video from BSides NCL:

Recently I was tasked with building a CI/CD pipeline for a new project from scratch. This was great fun of course, but there were a huge amount of security concerns that I had to deal with along the way.

In this session, we’ll cover the essential steps in building secure pipelines - from making sure that keys and other secrets aren’t leaked in plain text in logs, ensuring nobody tampers with your Docker images, to evergreen dependency management. There’s a surprising depth to this! You may be familiar with terms such as “principle of least privilege” - we’ll go into how we can apply this when building, testing and deploying code through our delivery pipeline.

You will come out of this session with a better understanding of DevSecOps, gaining practical tips that you can use when building out your delivery pipelines back at work.

Slides

Presented At

  • Developer! Developer! Developer! Day, 12 Dec 2020
  • BSides Newcastle, 04 Sep 2020