Putting the Sec in DevSecOps | Talk Recording

Planning, provisioning, and changing infrastructure are vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream.

In this session, we’ll embed infrastructure-as-code security into a set of Auto DevOps gitlab pipelines, highlighting a workflow for catching issues in frameworks such as Terraform, CloudFormation and Kubernetes right from the developers IDE, through annotated merge requests and the pipelines themselves: We’ll close by diving into the destination cloud provider environments, providing full lifecycle visibility to maintain consistency and detect drift in runtime.