OSMC is the annual meeting of international monitoring experts, where future trends and objectives are set. Learn which monitoring and observability solutions are available and how they can best be integrated with other tools! The three-day event comprises up to four workshops on the first day, followed by 2-3 technical tracks on the second and third days.
At this event, Joseph Katsioloudes presents Security as Code: A DevSecOps Approach.
Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.
In this session, we reviewed lessons learned from DevOps to implement a thriving DevSecOps culture, in particular how to get developers to contribute security checks using the SaC approach. We introduced CodeQL, a language that allows us to implement security checks with code. We demoed how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.
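As an added illustration of what a security check written as code looks like (this query is not from the talk or from the CodeQL project), the following CodeQL query flags JavaScript code where data from an HTTP request reaches `eval()`. It assumes the standard CodeQL JavaScript library (`RemoteFlowSource`, `DataFlow`, `TaintTracking`) and the module-based dataflow API introduced in CodeQL 2.13; the query name and id are placeholders.

```ql
/**
 * @name Remote input reaches eval
 * @description Untrusted data from an HTTP request flows into eval(),
 *              which lets a request author run arbitrary code.
 * @kind path-problem
 * @problem.severity error
 * @id example/untrusted-input-to-eval
 * @tags security
 */

import javascript

// Sources: values the standard library already models as remote user input
// (query parameters, request bodies, headers, ...).
// Sinks: the first argument of any call to the global eval().
module UntrustedToEvalConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  predicate isSink(DataFlow::Node sink) {
    sink = DataFlow::globalVarRef("eval").getACall().getArgument(0)
  }
}

// Taint tracking (rather than plain data flow) so that string concatenation,
// template literals and similar transformations do not break the chain.
module UntrustedToEvalFlow = TaintTracking::Global<UntrustedToEvalConfig>;

import UntrustedToEvalFlow::PathGraph

// Report every source-to-sink path; the path-problem kind renders the full
// chain of steps in the results so a developer can see how the data travels.
from UntrustedToEvalFlow::PathNode source, UntrustedToEvalFlow::PathNode sink
where UntrustedToEvalFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "Untrusted input from $@ reaches eval().", source.getNode(), "a request"
```

In a pipeline this query runs via `codeql database analyze` against a database built from the checked-out revision, so the finding is attached to the change that introduced the flow rather than discovered later in a separate audit.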