Securing the DevSecOps Platform: Approaches, Methods, and Tools

Aarlen Baker, Principal Security Technologist, Wind River at Embedded World 2021

DevOps is enabling faster deployment and more secure software to devices by tightly coupling development and operations functions. Much of the security focus is on “shifting left” the security testing in the development lifecycle of the software. However, to put the “Sec” (security) into DevSecOps, the development environment of that DevSecOps pipeline itself must first be secured.

This presentation provides a summary of:

  • A security assessment of the essential elements of a DevSecOps environment
  • The methods used to secure the environment
  • Practical usage of the distributed, immutable, and ephemeral (DIE) principles in furthering the security of the DevSecOps environment
  • Lessons learned in engaging a third-party penetration test company to confirm the DevSecOps environment is indeed secure
Previous Video
Agile Test Orchestration for Embedded Software (Embedded World 2021)
Agile Test Orchestration for Embedded Software (Embedded World 2021)

https://www.windriver.com/events/embedded-world-2021 James Hui, Senior Solutions Architect, Wind River, spe...

Next Video
Embedded Systems Go Mainstream (Embedded World 2021)
Embedded Systems Go Mainstream (Embedded World 2021)

https://www.windriver.com/events/embedded-world-2021 Maarten Koning, Wind River Fellow Autonomous embedde...