Explore the challenges and solutions of securing Infrastructure as Code (IaC) pipelines in this 19-minute conference talk by Jon Zeolla at DevSecCon. Discover open-source security tools and learn about a new tool developed to simplify their management and deployment. Gain insights into implementing centralized visibility and distributed tool management for IaC-specific security policies. Understand the process of integrating security scans into existing IaC pipelines without disrupting team workflows, including a real-world rollout example. Learn strategies to avoid overwhelming teams with false positives and low-priority findings during implementation.
Overview
Syllabus
Simplifying IaC Security - Jon Zeolla
Taught by
DevSecCon