Aarlen Baker, Principal Security Technologist, Wind River at Embedded World 2021
DevOps is enabling faster deployment and more secure software to devices by tightly coupling development and operations functions. Much of the security focus is on “shifting left” the security testing in the development lifecycle of the software. However, to put the “Sec” (security) into DevSecOps, the development environment of that DevSecOps pipeline itself must first be secured.
This presentation provides a summary of:
- A security assessment of the essential elements of a DevSecOps environment
- The methods used to secure the environment
- Practical usage of the distributed, immutable, and ephemeral (DIE) principles in furthering the security of the DevSecOps environment
- Lessons learned in engaging a third-party penetration test company to confirm the DevSecOps environment is indeed secure