Fight Back Against Cyber Risk in the Software Supply Chain - Secure DevSecOps Pipeline for Regulated Environments
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore strategies to combat cyber risks in the software supply chain through a secure and compliant DevSecOps pipeline designed for regulated environments. Learn from IBM experts Krishna Rajeesh Nallur Valiyaveettil and Brendan Kelly as they share their experience helping clients address security challenges using open-source tools. Discover best practices for secure software supply chains, including reliable automation with Everything as Code, early mitigation of security risks, standardization, and evidence gathering for audits. Gain insights into a specific solution based on the BIAN architectural framework for banking interoperability, demonstrating the application of Continuous Integration, Continuous Deployment, and Continuous Compliance using open-source tools like Tekton, Terraform, and SonarQube. Understand the importance of secure DevSecOps pipelines in regulated environments, particularly in the financial services sector, and learn how to implement these practices to reduce cyber threats and ensure safe deployment of regulated workloads.
Syllabus
Intro
Cyber Risk affecting SW Supply Chains
Supply Chain Risks
DevSecOps Pipeline Principles
Continuous Integration
Continuous Delivery/Deployment
Continuous Compliance
Case Study - BIAN
BIAN Pipeline Flow
Lessons Learned
Taught by
CNCF [Cloud Native Computing Foundation]