Overview
Explore the top 10 challenges facing DevSecOps implementation in this 26-minute OWASP Foundation talk by Gary Robinson. Delve into the complexities of integrating security into DevOps processes, drawing from experiences with hundreds of companies. Learn why DevSecOps isn't simply about hooking APIs into CI/CD pipelines, but rather about delivering precise, usable security data at the right time and place. Discover strategies for planning automation, fitting security into CI/CD without disruption, reducing issues, handling multiple tools, automating triage, aligning with development workflows, prioritizing effectively, and improving through metrics and insights. Gain valuable insights on overcoming common pitfalls and achieving the true promise of DevSecOps to reduce business risk within the fast-paced DevOps environment.
Syllabus
Intro
What the heck is this one about?
Plan your automation approach
Fit security into CI/CD
Don't screw up CI/CD
Reduce issues, don't increase
Handle plenty of tools
Automate triage
Map to how dev works
Prioritize properly
Metrics, insights, improvement
Communication
Taught by
OWASP Foundation