Session

Security safeguards in continuous integration

Learn how to safeguard your software development project by implementing automated security checks in a continuous integration pipeline. Learn what is behind acronyms like SAST, SCA, DAST, SBOM and SARIF.

Examples are done with .NET, PowerShell and GitHub Actions but are applicable to other tech stacks too.

Topics:
- How GitHub Actions work
- What is a good security test in continuous integration
- How to analyse your code for defects
- How to analyse your dependencies for known vulnerabilities
- How to check your open source licenses
- How to scan your code for secret leaks
- How to scan your infrastructure as code for misconfigurations
- How to generate a bill of materials
- How to check the status of HTTP security headers on a website
- Implementing branch guards

Prerequisites:
- Text editor
- git
- GitHub account and a public repository

Target audience:
- Security Engineers
- Software Developers
- Anyone interested

Pasi Huuhka

DevOps Architect at Zure, DevTech MVP

Helsinki, Finland
