June 21-24, 2022
Austin, Texas, USA + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central Daylight Time (UTC -5). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Wednesday, June 22 • 4:35pm - 5:15pm
5 Open Source Security Tools All Developers Should Know About - Ran Regenstreif, Jit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls built - and the great part? It’s easily achievable through open source tooling. In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools, including: Bandit or SEMGrep for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets & dependency checks (SCA), KICS for infrastructure as code (IaC) and OWASP’s ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing your applications from the first line of code, that will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that comes with time, as well as increased experience with your deployments, stacks, and security posture. Code examples & demos will be showcased as part of this session.

avatar for Ran Regenstreif

Ran Regenstreif

Engineering Team Lead, Jit
Ran Regenstreif is a team leader at Jit, the Continuous Security platform for developers. Ran has more than a decade of experience in engineering management roles in leading technology companies. Having gotten started in the 8200 Unit of the IDF Intelligence Corps, he was on the founding... Read More →

Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Room 310/311 (Level 3)