Abstract

Policy as Code in DevSecOps is about treating security and compliance policies with the same level of automation, integration, and version control as application code. Join our session for a discussion and real-world examples of how to use policy-as-code tools to speed up security testing, increase efficiency by removing manual policy enforcement, and minimise mistakes while enabling validation.

Outline/Structure of the Talk

Agenda:
- Background
- What are we trying to solve?
- Types of Application + Cloud Vulnerabilities
- Strategy at scale
- Putting it into practice
- Q & A

Learning Outcome

At the end of the session, attendees will understand why automating policy is critical to implementing a successful DevOps program. They will see how to use an open-source policy tool to write automated tests against structured configuration data, in order to enforce security in a build pipeline. Links to example configuration tests will also be provided.

Target Audience

DevOps Teams, Application Developers and Security Teams