Hello! Welcome Shivani
Hi Andrew! Hi Nancy!
Good day folks
Hey Garth! :)
Welcome Didar :)
good to be here!
Hahaha Thanks @Nicholas! :)
Thanks Didar! I think Sherif is trying to embody some of the "Kassia-isms" it's part of our shared development plans. ;)
Love the enthusiasm Didar, you are 100% in the right place!
Hi Didar, Nice to see you here
you too girl!
yes, you'll get the slides in the follow up today :)
Awesome question! Thanks @anon
That was from Doug Caldwell - sorry Anon is on by default. I may ask again later as suggested. I am in a large enterprise with a lot of interdependent apps - also Change management is part of the Common Controls - ITSG-33 etc.
This has to be possible, just have to find a reasonable way to do it.
OWASP DevSecOps maturity model
it is live
but it is a guideline
need your own metrics to measure your own success, right?
Perhaps Didar can present the OWASP DevSecOps maturity Model at an OWASP Ottawa Meetup =)
Thanks @Doug, I'll flag Sherif to this question and we can always speak directly outside of this session if we run out of time! email@example.com
https://owasp.org/www-project-devsecops-maturity-model/ (FYI - No project level on webpage)
@garth following you on twitter, let’s chat there further : )
@Kassia - Thanks!
I always wanted to work on a transition. =)
I said other because ours is different per team, some teams include some security tooling in their pipeline some don’t
Hi Lana! :)
Love the way how sherif is focusing on the fact that devsecops is about culture
hahaha! @Didar :)
Since GitHub cloud allows free private repos I have been using that exclusively lately
Thanks Deniz! Great resource
Here is a guide Deniz made to configure GitHub Cloud in a secure way (feel free to create issues to improve) : https://github.com/dduzgun-security/github-enterprise-cloud-configuration
Meenakshi Sundaram Koushik
Thanks Deniz! That looks very detailed. Appreciate your sharing it.
Deniz Onur Duzgun
Anytime :) @Didar you're welcome haha
There are some tools. Specific around Infrastructure as code
there are a few TM tools
There are more policy tools around Infrastructure as code but there is one I know of that attempts at threat modeling
But what type of threat modelling is also a question
Anyone interested in joining our next Weekly Tuesday reshift demo, here's the link! https://us02web.zoom.us/webinar/register/WN_nFxrCs9rQ3OnG7M10Nwi6Q
Blow your horn @Didar! We love shared tools!
I don’t want to blow my own horn here, but at the open security summit, we covered a few TM automation tools and their videos are at our youtube channel: https://www.youtube.com/playlist?list=PLxLweN1tBkoQEc2O9_SZtV5urGTn487os
thanks for having an open platform
@Sherif, How did you get the spotbugs report after the GitHub actions run?
Gotta drop, thanks for the great talk!
Awesome to have you back Nicholas and Barry!
have to leave. thanks for a great webinar - looking forward to next week
Thanks @Doug, reach out if you'd like and we can chat offline! Otherwise see you next week!
Great session looking forward to more
Thanks for joining Shivani! Your friends are welcome :)
To send Sherif an email - firstname.lastname@example.org
Meenakshi Sundaram Koushik
Great! Thank you. Special kudos for the super well summarized Q&A answers! :) See you next week!
I noticed! Well done.
Thanks sherif, amazing session