Secure DevOps
DevOps allows fast automation of every part of a software's life cycle from a unit test to an entire NFV cloud deployment. If we boil down DevOps to its components, DevOps is no more then a chosen set …
Talk Title | Secure DevOps |
Speakers | Luke Hinds (Engineer, Red Hat) |
Conference | Open Networking Summit North America |
Conf Tag | |
Location | Los Angeles, CA, USA |
Date | Mar 26-30, 2018 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
DevOps allows fast automation of every part of a software’s life cycle from a unit test to an entire NFV cloud deployment. If we boil down DevOps to its components, DevOps is no more then a chosen set of tools, coupled with scripts and config files and realised as a unified methodology. As with any powerful tool set, there are inherent risks around security. These are also not just theoretical risks, many large scale corporate companies have been hacked as a result of insecure implementation of DevOps tooling. This talk will discuss some recent attacks and what we can learn from these attacks. It will also include clear examples of common risks and how to remediate those risks and improve the security posture of a users CI / CD environment. Included in this will be an overview of the tool ‘anteater’ - a security audit tool we have developed in OPNFV release engineering.