Explore the challenges and solutions of securing Infrastructure as Code (IaC) pipelines in this 19-minute conference talk by Jon Zeolla at DevSecCon. Discover open-source security tools and learn about a new tool developed to simplify their management and deployment. Gain insights into implementing centralized visibility and distributed tool management for IaC-specific security policies. Understand the process of integrating security scans into existing IaC pipelines without disrupting team workflows, including a real-world rollout example. Learn strategies to avoid overwhelming teams with false positives and low-priority findings during implementation.
Overview
Syllabus
Simplifying IaC Security - Jon Zeolla
Taught by
DevSecCon
Related Courses
-
Security Testing for Terraform Templates (IaC) - DevOps and Cloud Security
-
DevOps foundations: The core principles and practices
-
Securing the IaC Supply Chain
-
Building a Secure CI/CD Pipeline - Beyond Security Tools Integration
-
Infrastructure as Code Security Best Practices and Strategies
-
The IaC Evolution - Open Source and Future Developments
