June 21-24, 2022
Austin, Texas, USA + Virtual

You must be registered for Open Source Summit North America 2022 to participate in the sessions.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Tuesday, June 21 • 12:00pm - 12:40pm
Security as Code: A DevSecOps Approach - Joseph Katsioloudes, GitHub

Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization. In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.

Speakers
Joseph Katsioloudes

Developer Advocate, GitHub
Joseph is a security expert who empowers developers to ship secure software through his research and education work at the GitHub Security Lab. His recent contributions include video content with combined 1M+ views packed with practical security tips, and the free game gh.io/securecodegame...



Tuesday June 21, 2022 12:00pm - 12:40pm CDT
Lone Star G (Level 3)
  Open Source On-Ramp, Security Automation