Security as Code - A DevSecOps Approach

Explore the methodology of Security as Code (SaC) in this conference talk from NDC Security 2023. Learn how SaC codifies security tests, scans, and policies, integrating them directly into the CI/CD pipeline for automatic and continuous vulnerability detection. Discover how adopting SaC tightly couples application development with security management, allowing developers to focus on core features while improving collaboration between Development and Security teams. Gain insights into implementing a successful DevSecOps culture by applying lessons learned from DevOps. Get introduced to CodeQL, a language for implementing security checks with code, and watch a demonstration on coding queries for vulnerabilities and misconfigurations to be identified within your CI/CD pipeline.