Building Trust: Strengthening Your Software Supply Chain Security [eng]

The talk focuses on developing and integrating automation tools to enhance supply chain security. It addresses reproducible security practices with tools like Renovate and Wiz, as well as GitLab and JFrog Artifactory, to enforce consistent security scans seamlessly within existing workflows.
We will cover centralized artifact management for improved oversight and consistency. Furthermore, we will discuss the seamless integration of security scans into deployment tooling, featuring automatic deployment blocks for vulnerabilities and a controlled override option for flexibility.
The talk also examines tactics to keep the source code secure and up to date. We will explore the integration of runtime monitoring systems with detection capabilities and SLAs to manage and resolve issues on time.

Serhii Vasylenko
Software Engineer at Grammarly
  • 13+ years in the industry.
  • Has role-switching experience to better understand both worlds: engineer -> manager -> engineer.
  • Author of devDosvid technical blog about Cloud Native technologies and Developer Experience.
  • Expert in CI/CD, cloud infrastructure and security automation.
  • Former DevOps coach at Hillel IT School.
  • Lives in Berlin, but originally from Kharkiv.
  • LinkedIn, Technical blog