Security isn’t just a checkbox — it’s what enables teams to move fast with confidence. Managing Kubernetes security across thousands of services and deployments is like herding cats — except the cats can accidentally expose your entire infrastructure.

This talk shares Shopify’s real-world journey of securing its infrastructure monorepo, where a single misconfiguration could impact millions of merchants worldwide. We’ll walk through how Shopify combined Semgrep for static code analysis and Open Policy Agent (OPA) for dynamic policy enforcement to detect and prevent risky configurations before they reach production. Along the way, we’ll share the wins, rough patches, and lessons that helped us integrate these tools at scale with less friction.

Attendees will learn how to use open-source tools to automate security checks, enforce policy, and enable their teams to ship fast and securely.