DevSecOps Roadmap: Practical examples for effective adoption

DevSecOps is a set of practices that combines development, security, and operations to improve the quality and reliability of software applications. GitLab is one popular platform that offers a set of tools for DevOps implementation.

By implementing DevSecOps with GitLab, organizations can improve their software applications, improve security and reliability, and reduce risk of security incidents, and increase the speed and efficiency of software development and deployment. We will delve into using SonarCloud for Static Application Security Testing (SAST), leveraging Trivy for both Software Composition Analysis (SCA) and Infrastructure as Code (IaC) security.

Vorkenntnisse

• Basic understanding of DevOps practices
  
• Familiarity with security concepts
  
• Experience with Cloud Platform
  
• Prior experience with GitLab

Lernziele

In this talk, I'll share my real-world experiences with DevSecOps, detailing how we've used tools like GitLab, SonarCloud, Trivy and other security tools. You'll hear about our roadmap, successes, the hurdles we've overcome, and the valuable lessons we've learned along that aims to give you practical tips and insights to help you effectively implement DevSecOps.