Talk: Best practices for securing CI/CD pipeline
DevOps practices are in a place; containers are everywhere, pipelines are flying. We do Agile. We do DevOps. Now we try to follow security practices for protecting the deployed resources, too. This is a reason why DevSecOps is not hype anymore and is gaining more prominence. There is a lot of information about DevSecOps, but how to do it properly? Where to start? What are the best practices?
In this session, we will walk through an end-to-end scenario where we will deploy infrastructure components securely to Azure using Azure DevOps, Azure Container Registry and security tools. We will build a pipeline with security in mind to protect and detect potential security flows during the build.
You will learn:
- How to build end-to-end CI/CD pipeline that builds the application and deploys infrastructure on Azure with security checks for the application, containers and infrastructure;
- What are the security tools available for CI/CD pipeline and how to implement them in the best way into different Git workflows;
- Best practices and patterns of building security pipelines.