First Steps to Full Lifecycle Security in your DevOps pipeline with Open Source Tools
06-21, 13:00–14:30 (Europe/Amsterdam), Expo 1

A key element of successfully integrating security into the DevOps lifecycle is embedding it right from the start. Helping developers and operators build security controls in from day one with easy-to-use open source tooling can make that a reality. This workshop will take a hands-on approach to demonstrate how to install, configure and customize open source security tools to be used throughout the DevOps process. The workshop will focus on a couple of core tools. Firstly understanding how Trivy, and similar security scanners, can be used to help secure filesystems, repositories, container images, Dockerfiles, Kubernetes manifests and IaC code such as Terraform. Then the workshop will move on to operationalizing security controls in your deployment pipeline, providing continuous security assurance of workloads.

Anaïs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube Channel centered around cloud native technologies. Before joining Aqua, Anais worked as SRE at Civo, a cloud native service provider, where she worked on infrastructure for hundreds of tenant clusters. As OpenUK ambassador, her passion lies in making tools and platforms more accessible to developers and community members.