Sam Hogarth

Newcastle upon Tyne, England, United Kingdom

CI/CD Pipeline Security

Recently I was tasked with building a CI/CD pipeline for a new project from scratch. This was great fun of course, but there were a huge number of security concerns that I had to deal with along the way.

In this session, we'll cover the essential steps in building secure pipelines - from making sure that keys and other secrets aren't leaked in plain text in logs, ensuring nobody tampers with your Docker images, to evergreen dependency management. There's a surprising depth to this! You may be familiar with terms such as "principle of least privilege" - we'll go into how we can apply this when building, testing and deploying code through our delivery pipeline.

You will come out of this session with a better understanding of DevSecOps, gaining practical tips that you can use when building out your delivery pipelines back at work.

Sam Hogarth

Senior Developer, Tesco Bank

Sam is fascinated with making teams work together better, and keeping up with the ever-changing world of software engineering. He has a decade's worth of experience in highly regulated environments, across finance, biotech and energy. Whether it's mobile, desktop, web, server or cloud, he has the battle scars. In his spare time, he can run a fine game of Dungeons and Dragons!
