Session Name: Security in CI/CD pipeline - myth or truth
Today we are talking a lot about security, data protection, and privacy, but we are forgetting one pretty important aspect, a secure code. Most IT professionals or security experts expect an attack from the outside, but what if the real enemy is our code? Many times we see that developers forget to delete credentials from code, or just hard-code passwords, database endpoints, etc. From a security perspective, it is very hard to detect if an app is already deployed. In this session, I would like to present how Endava integrates security into our CI/CD pipelines and how it help us to identify security issues.
Mirza Dautbegovic is a DevOps Engineer, passionate about Cloud technologies and DevOps culture. On a daily basis, he builds infrastructure on AWS and Azure, also uses hybrid Cloud solutions. Currently, work as DevOps Engineer at Endava working with microservices, Cloud infrastructure, Containers Kubernetes, and many others. Over the last several years, he has promoted security in DevOps.