Securing the DevSecOps Platform: Approaches, Methods, and Tools


Aarlen Baker, Principal Security Technologist, Wind River at Embedded World 2021

DevOps enables faster deployment of more secure software to devices by tightly coupling the development and operations functions. Much of the security focus is on “shifting left” security testing in the software development lifecycle. However, to put the “Sec” (security) into DevSecOps, the development environment of the DevSecOps pipeline itself must first be secured.

This presentation provides a summary of:

  • A security assessment of the essential elements of a DevSecOps environment
  • The methods used to secure the environment
  • Practical usage of the distributed, immutable, and ephemeral (DIE) principles in furthering the security of the DevSecOps environment
  • Lessons learned in engaging a third-party penetration test company to confirm the DevSecOps environment is indeed secure