The Challenge and Solutions to Implement DevSecOps into Large Banks
As one of the largest banks in the world, we have run a few years DevOps program in HSBC Technology to establish DevOps culture and mindset between teams. Since 2018, we starts to integrate Cyber Secu …
| Talk Title | The Challenge and Solutions to Implement DevSecOps into Large Banks |
| Speakers | JIHAI ZHOU (Head of DevOps HSBC China GBM, HSBC), Weiqiang Yang (Head of Application Security China) |
| Conference | KubeCon + CloudNativeCon |
| Conf Tag | |
| Location | Shanghai, China |
| Date | Jun 23-26, 2019 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
As one of the largest banks in the world, we have run a few years DevOps program in HSBC Technology to establish DevOps culture and mindset between teams. Since 2018, we starts to integrate Cyber Security into DevOps culture by running DevSecOps program. We aim to shift left the Cyber security mindset to the development teams through promoting DevSecOps tools combined with the relevant training.In this presentation, we will share how to integrate DevSecOps tools, such as Checkmarx, Contrast and Sonatype IQ into development CICD pipeline to produce vulnerability dashboardIn addition, we will demonstrate three different ways to provide cyber security training to help development teams gradually grow their knowledge to have the capability to fix the vulnerability reported by DevSecOps tools, as well as establishing the brand new mindset over the time
