11:30 am - 12:15 pm, October 23
Length: 45 minute(s)
When we say DevSecOps what do we mean? Is this about injecting a security mindset into app dev and the DevOps cycle or is it about injecting a DevOps mindset into security professionals and the security operations cycle? We’ve spoken at length about Infrastructure as Code but we don’t talk about Security as Code. This session will discuss if and how we can embed security into the CI/CD process, how we can automate testing for compliance with security policies, and how we can automate production changes driven by security such as vulnerability patching and compliance with a secure baseline configuration.