DevSecOps Transformation at Speed and Scale Using Tekton

Explore a comprehensive conference talk on DevSecOps transformation using Tekton, presented by Caroline Cameron and Tony Higham from IBM. Discover how to address the challenges of distributed development efforts and inconsistent security practices across teams. Learn about standardizing CI/CD security and compliance automation for development teams while centralizing platform operations and maintenance. Gain insights into preventing software security issues from reaching production systems and streamlining compliance audits through built-in DevSecOps practices. Understand how Tekton is utilized as an open-source orchestrator to standardize CI/CD processes and contribute enhancements to benefit all users. Examine the integration of open-source scanning tools like Clair, SonarQube, and OWASP ZAP for threat intelligence, SAST, and DAST. Delve into the concept of Continuous Compliance (CC) pipeline, which ensures daily vulnerability scans of deployed applications and offers unique auto-remediation and incident closure capabilities.