In the pursuit of rapid security innovation in the DevOps pipeline, the Continuous Delivery Foundation is working on implementing CDEvents. This talk will explore the transformative approach to achieving fast evolution in the DevOps pipeline so that DevOps and Security teams can easily implement critical security tools such as SBOMs and OpenSSF Scorecard.

Plug-ins, while useful for extending functionality, can often become bottlenecks, introduce dependencies, and complicate maintenance, hindering the agility of the DevSecOps process. Attendees will learn about CDEvents as an alternative strategy and architecture that promotes a more streamlined and resilient pipeline. Key topics will include CDEvents standards, the new “Hero Project’ for building a listener architecture and using Ortelius Open Source as a central evidence store for consolidating critical security data.

The talk will demonstrate how organizations can use CDEvents to successfully transition away from plug-in-heavy environments, leading to faster development cycles, improved system stability, and enhanced ability to respond to changing business needs.