DevSecOps - The Changing Landscape of Attacks, Maury Cupitt, Sonatype

Organizer: Triangle DevOps

The modern-day application consists of approximately 80% open source code. In 2017 there were 87 billion downloads from The Central Repository (the largest open source Java repository in the world). 1 in 8 of those open source libraries contains a known security vulnerability. Known vulnerabilities in open source are widely exploited as an attack vector and lead to well-documented breaches such as the one that hit Equifax in 2017 (Apache Struts 2 REST API library).

Cybersecurity crime cost the global economy $450 billion in 2016. This eclipsed the entire illicit drug trade, which cost the global economy $430 billion.

Companies looking to accelerate development and embrace DevOps need to embrace solutions like Jenkins to automate their builds and releases. Companies looking to innovate faster while reducing their risk need to ensure security is included in the development process (DevSecOps) by building secure CI/CD pipelines with integrated and automated quality guardrails, such as Nexus Firewall and Nexus Lifecycle, for open source governance and inspection during every Jenkins build.

In this session we will take you through how to configure your Jenkins builds so that development can continue to accelerate while also layering in open source security and governance.


Poster: triangletech