Session Name: Building a Secure By-Design Pipeline with an Open Source Stack
CI/CD has become the core of every engineering organization: engineering velocity keeps increasing, the number of services that are managed, deployed and updated constantly keeps growing, and so does the diversity of third-party applications our pipelines integrate with. Securing the CI/CD pipeline is therefore no longer a “nice to have” but a critical part of delivering software to production.
In this talk, we walk through the process of building an end-to-end secure pipeline and the gotchas to look out for in pipeline security: misconfigurations in IaC and YAML, overly permissive CPU limits, and even insecure tagging between dev and prod.
We take a deep dive into securing our code and configuration, the pipeline itself and its integrations (SBOMs), and our K8s deployments, and into keeping continuous visibility with the right monitoring controls in place. All of this is demoed as code with common open-source tooling.
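To make the "gotchas" above concrete, here is an added example (not code from the talk, from ARMO or from the Kubescape project) of a small, dependency-free checker for a Kubernetes Deployment manifest. It assumes the manifest has already been parsed into Python structures (for instance with `yaml.safe_load`), and it interprets the abstract's "insecure tagging" as mutable image tags (`:latest`, no tag, or any tag instead of a digest) and its "CPU limits" gotcha as missing resource limits; both readings, the `MUTABLE_TAGS` list and the sample Deployment are assumptions constructed for illustration.

```python
"""Added example: flag mutable image tags, missing resource limits and weak
securityContext settings in a parsed Kubernetes Deployment.  Not part of the
talk or of Kubescape; the manifest below is constructed sample input."""
from typing import Any, Dict, List, Optional

# Constructed sample: what a "works on dev" Deployment often looks like
# once someone points the same tag at prod.
SAMPLE_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "prod"},
    "spec": {
        "template": {
            "spec": {
                "containers": [
                    {
                        "name": "api",
                        "image": "registry.example.com/api:latest",  # mutable tag
                        "securityContext": {"privileged": True},
                        # no "resources" key at all -> no limits
                    },
                    {
                        "name": "sidecar",
                        "image": "registry.example.com/log-shipper",  # no tag
                        "resources": {"limits": {"cpu": "4", "memory": "1Gi"}},
                        "securityContext": {
                            "runAsNonRoot": True,
                            "allowPrivilegeEscalation": False,
                        },
                    },
                ]
            }
        }
    },
}

# Assumed list of tags that are repointed routinely and therefore never
# identify one build.  Extend to match your registry conventions.
MUTABLE_TAGS = {"latest", "stable", "dev", "prod"}


def image_is_pinned(image: str) -> bool:
    """True only when the reference carries a digest (name@sha256:...).
    Any tag can be repointed later; a digest is the only reference that
    cannot drift between the build that passed dev and what runs in prod."""
    return "@sha256:" in image


def image_tag(image: str) -> Optional[str]:
    """Return the tag of an image reference, or None when it has none.
    Only the part after the last '/' is inspected so that a registry port
    (host:5000/img) is not mistaken for a tag."""
    last = image.rsplit("/", 1)[-1]
    if "@" in last:                      # strip a digest if present
        last = last.split("@", 1)[0]
    return last.split(":", 1)[1] if ":" in last else None


def check_container(c: Dict[str, Any]) -> List[str]:
    """Return one human-readable finding per weak setting in a container spec."""
    findings: List[str] = []
    name = c.get("name", "<unnamed>")
    image = c.get("image", "")

    if not image_is_pinned(image):
        tag = image_tag(image)
        if tag is None:
            findings.append(f"{name}: image has no tag (defaults to :latest)")
        elif tag in MUTABLE_TAGS:
            findings.append(f"{name}: image uses mutable tag '{tag}'")
        else:
            findings.append(f"{name}: image pinned by tag, not by digest")

    limits = c.get("resources", {}).get("limits", {})
    for res in ("cpu", "memory"):
        if res not in limits:
            findings.append(f"{name}: no {res} limit set")

    sc = c.get("securityContext", {})
    if sc.get("privileged"):
        findings.append(f"{name}: container is privileged")
    if sc.get("runAsNonRoot") is not True:
        findings.append(f"{name}: runAsNonRoot not enforced")
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"{name}: allowPrivilegeEscalation not disabled")
    return findings


def check_deployment(manifest: Dict[str, Any]) -> List[str]:
    """Run check_container over every container in a Deployment's pod template."""
    containers = manifest["spec"]["template"]["spec"].get("containers", [])
    findings: List[str] = []
    for c in containers:
        findings.extend(check_container(c))
    return findings


if __name__ == "__main__":
    for finding in check_deployment(SAMPLE_DEPLOYMENT):
        print("FAIL", finding)
```

Run against the sample, the `api` container produces six findings (mutable tag, two missing limits, privileged, and the two missing securityContext settings) and the untagged `sidecar` one; a container that pins its image by digest, sets both limits and carries `runAsNonRoot: true` plus `allowPrivilegeEscalation: false` produces none. The same logic is what a pipeline gate would run on rendered manifests before they are applied, failing the job rather than printing.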
Rotem is Director of Engineering at ARMO, where she contributes to the Kubescape open source project as a staunch and passionate supporter of making open source security better and more accessible for everyone. Rotem is an engineering veteran, with experience as a software developer, architect and product manager, with a focus on the security discipline. She has many years of experience in all aspects of Kubernetes engineering, from deployment across various environments through monitoring, with specific expertise in Prometheus and its open source suite, as well as deep know-how in all aspects of IaC, driving best practices and methods wherever she goes.