Explore common pitfalls and lessons learned from integrating security scanning into CI/CD pipelines in this 26-minute conference talk from BSidesSF 2020. Discover how Atul Gaikwad and Moses Schwartz navigated a critical incident where their security scanner disrupted all build pipelines. Learn valuable principles, implementation strategies, and best practices for successful integration, including indirection, configuration management, and vulnerability whitelisting. Gain insights into effective logging techniques and the importance of Groovy scripting in the process. Benefit from their experience to avoid similar mistakes and improve your own security scanning implementation in continuous integration and delivery workflows.
Overview
Syllabus
Introduction
Story Time
Principles
Indirection
Implementation
Configuration
Groovy Glue
Adding a scanner
Logs
Vulnerability whitelisting
Summary
Questions
Taught by
Security BSides San Francisco
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&h=40&ixlib=php-4.1.0&s=41ac519a3d7def6c705637a8ae3c06c4){kind=small}
