Sheshagiri (Giri) Rao
Discover Financial Services
OSS for Enterprises: Procure Secure Components Faster with Superior Developer Experience
Wednesday 8/14 | 2:45 PM - 3:30 PM | Room 2002
Open Source is an integral part of Application Development today. Although most of it is good, some of it is malicious and vulnerable. How do you automatically and contextually enforce policies (Security, License & Architecture) across the entire software development lifecycle and manage risk better without compromising the developer experience?
Developing for Deterministic Deliveries
Thursday 8/15 | 11:30 AM - 12:15 PM | Room 2000
The practice of engineering the processes of a development effort is often ad hoc. While that can work well for trivial things, it tends to be under-clubbed for larger efforts. This talk deals with the happy medium, but leaning more towards enterprise efforts and the results that are usually expected. We’ll talk about and demonstrate elements of a consistent build lifecycle, why you need one, and discuss what happens when you don’t.
Director Global Alliances
DevSecOps Workshop: Security at a DevOps Speed
Tuesday 8/13 | 8:00 AM - 12:00 PM | Room 3020
Join Curtis Yanko and DJ Schleen for a hands-on workshop, as they share tips and best practices for building better software, faster. Learn how to easily set up a Jenkins pipeline to automatically scan, detect, understand, and remediate known-vulnerable open source components.
Diving into a DevSecOps Reference Architecture
Wednesday 8/14 | 10:30 - 10:45 AM | Room 2011
As DevOps practices are maturing rapidly, elite organizations are automating security earlier in the development lifecycle and managing software supply chains as a critical differentiator to their competitors. But, not all DevSecOps practices need to be, or should be, the same. There are many ways to reach the same goal. Understand what tools, communication flows, stakeholders, and policies your peers are using as they implement DevSecOps practices. Attendees will receive a model DevSecOps reference architecture to modify and adjust to their own organization’s requirements.
Blue is the New Green
Wednesday 8/14 | 1:45 - 2:30 PM | Room 3014
Blue/Green deployments can reduce downtime and risk when pushing applications to production. Join DJ as he introduces the technique of operating with Blue/Green pipelines, how to use infrastructure as code to create them, experimentation with security toolsets and the architectural concerns that need to be considered when utilizing this approach to reduce the risk of pipeline breaks.
Identifying Security Vulnerabilities at Scale: Venture Inside a Jenkins Pipeline
Thursday 8/15 | 1:45 - 2:00 PM | Room 2011
Automatically scan, detect, understand, and remediate known vulnerable open source components in your Jenkins pipeline. Witness a live attack against the Struts2 open source vulnerability (the same one that impacted Equifax). Then see how a DevOps pipeline using Jenkins, Nexus and other popular tools is used to eliminate such vulnerabilities. Justin will also reveal how Sonatype’s Nexus solution can help DevOps teams apply automation to accelerate remediation of open source components that go bad long after they had been deployed into production.
10 Attributes of the DevSecOps Elite
Thursday 8/15 | 2:45 - 3:45 PM | Room 2008
Come participate in this session where we will share the 10 habits practiced by the DevSecOps Elite that you can then apply to -- or further mature within -- your own organization. We will also uncover what our analysis revealed about securing CI/CD pipelines, including what popular Jenkins plug-ins are used for security.