Building Trust: Strengthening Your Software Supply Chain Security [eng]
The talk focuses on developing and integrating automation tools to enhance supply chain security. It addresses reproducible security practices with tools like Renovate and Wiz, as well as GitLab and JFrog Artifactory, to enforce consistent security scans seamlessly within existing workflows.
We will cover centralized artifact management for improved oversight and consistency. Furthermore, we will discuss the seamless integration of security scans into deployment tooling, featuring automatic deployment blocks for vulnerabilities and a controlled override option for flexibility.
The talk also examines tactics to keep the source code secure and up to date. We will explore the integration of runtime monitoring systems with detection capabilities and SLAs to manage and resolve issues on time.
- 13+ years in the industry
- Has role-switching experience for a better understanding of both worlds: engineer -> manager -> engineer.
- Author of the technical blog devDosvid about Cloud Native technologies and Developer Experience.
- Expert in CI/CD, cloud infrastructure, and Security Automation.
- Former DevOps trainer at Hillel IT School.
- Lives in Berlin, but is originally from Kharkiv.
- LinkedIn, Technical blog