You might have seen one of my previous sessions on (Azure) DevOps or know about pipelines already. Although pipelines are awesome, they often don’t have security integrated. And that’s exactly what this session will cover. Sometimes described as “shifting left”, it means organizations should try and integrate security as early in the devops process as possible. This session will cover different DevOps security capabilities like Microsoft Threat Modeling tool, integrating vulnerability code scanning of your source control across devops tools, how to securely store secrets in Azure KeyVault and reuse it in pipelines and integrating security into your container images.
As typical in Peter’s sessions, this will be mainly whiteboarding and demos, instead of flipping PowerPoint slides.