Overview
Explore the concept of Security as Code (SaC) in this 37-minute conference talk from KubeCon + CloudNativeCon Europe. Learn how to implement security directly into CI/CD pipelines for continuous vulnerability detection. Discover the benefits of adopting SaC, including improved collaboration between Development and Security teams and fostering a security-focused organizational culture. Gain insights into implementing a successful DevSecOps culture by applying lessons learned from DevOps. Get introduced to CodeQL, a language that is free for open-source projects and lets you write security checks as code. Watch a demonstration on creating queries for identifying vulnerabilities and misconfigurations in CI/CD pipelines. Benefit from shared experiences and lessons learned from providing security advice to six open-source projects during free office hours.
Syllabus
Security as Code: A DevSecOps Approach - Xavier René-Corail, GitHub
Taught by
CNCF [Cloud Native Computing Foundation]