Securing our applications and data has never been more topical. We've recently seen many high-profile data breaches, numerous critical vulnerabilities and frantic teams left scrambling to mitigate the damage to their users and ultimately their company's brand. Our automated software delivery pipelines mean we can ship our code fast and without friction, but with multitudes of microservices and their countless dependencies, the attack surfaces are increasingly vast and difficult to manage.
This talk will cover some of the approaches you can use to identify and mitigate security risk and maximise your team's ability to respond! By 'shifting security left' and leaning on automation you'll reduce your chances of becoming a media headline and be well on the way to being able to react swiftly when the next "Log4j" happens.
- Some approaches to embed in your software delivery workflows
- Some tools available to analyse risk and scan your CI/CD pipelines for vulnerabilities
- How and why you should automatically generate a Software Bill of Materials (SBOM)