Building a DevSecOps Pipeline Using Github Actions - Shared screen with speaker view
Kassia Clifford
00:57
Hello! Welcome Shivani
Kassia Clifford
01:14
Hi Andrew! Hi Nancy!
Kassia Clifford
05:03
Hi Jose!
Kassia Clifford
07:57
Welcome back!!
BARRY LONG
08:12
Good day folks
Kassia Clifford
08:18
Hi Barry!
Kassia Clifford
08:40
Hey Garth! :)
Olivia Harris
10:05
Welcome Didar :)
Kassia Clifford
10:20
Welcome!
Didar Gelici
10:37
good to be here!
Kassia Clifford
14:33
Hahaha Thanks @Nicholas! :)
Kassia Clifford
15:44
Thanks Didar! I think Sherif is trying to embody some of the "Kassia-isms" it's part of our shared development plans. ;)
Didar Gelici
18:18
ZAP yay!
Kassia Clifford
18:37
Love the enthusiasm Didar, you are 100% in the right place!
Didar Gelici
18:51
<3
Shivani SACHAN
18:59
Hi Didar, Nice to see you here
Didar Gelici
19:12
you too girl!
Olivia Harris
19:32
yes, you'll get the slides in the follow up today :)
Kassia Clifford
36:25
Awesome question! Thanks @anon
Doug Caldwell
38:59
That was from Doug Caldwell - sorry Anon is on by default. I may ask again later as suggested. I am in a large enterprise with a lot of interdependent apps - also Change management is part of the Common Controls - ITSG-33 etc.
Doug Caldwell
39:35
This has to be possible, just have to find a reasonable way to do it.
Didar Gelici
39:58
OWASP DevSecOps maturity model
Didar Gelici
40:24
it is live
Didar Gelici
40:29
but it is a guideline
Didar Gelici
40:58
need your own metrics to measure your own success, right?
Garth Boyd
41:01
Perhaps Didar can present the OWASP DevSecOps maturity Model at an OWASP Ottawa Meetup =)
Kassia Clifford
41:31
Thanks @Doug, I'll flag Sherif to this question and we can always speak directly outside of this session if we run out of time! kclifford@softwaresecured.com
Nancy Gariché
41:54
https://owasp.org/www-project-devsecops-maturity-model/ (FYI - No project level on webpage)
Olivia Harris
42:19
Thanks Nancy!
Didar Gelici
43:45
@garth following you on twitter, let’s chat there further : )
Doug Caldwell
46:50
@Kassia - Thanks!
Garth Boyd
47:14
I always wanted to work on a transition. =)
Garth Boyd
47:31
*Transmission
Didar Gelici
47:44
I said other because ours is different per team, some teams include some security tooling in their pipeline some don’t
Kassia Clifford
48:21
Hi Lana! :)
Ishaq Mohammed
49:56
Love the way how sherif is focusing on the fact that devsecops is about culture
Didar Gelici
52:09
:scream: lol
Kassia Clifford
52:25
hahaha! @Didar :)
Garth Boyd
59:37
Since Github cloud allows free private repos I have been using that exclusively lately
Olivia Harris
01:07:18
Thanks Deniz! Great resource
Olivia Harris
01:08:40
Here is a guide Deniz made to configure GitHub Cloud in a secure way (feel free to create issues to improve) : https://github.com/dduzgun-security/github-enterprise-cloud-configuration
Meenakshi Sundaram Koushik
01:10:21
Thanks Deniz! That looks very detailed. Appreciate your sharing it.
Didar Gelici
01:10:43
Thank you Deniz!
Deniz Onur Duzgun
01:11:28
Anytime :) @Didar you're welcome haha
Garth Boyd
01:14:20
There are some tools. Specific around Infrastructure as code
Didar Gelici
01:14:24
there are a few TM tools
Garth Boyd
01:15:00
There are more policy tools around Infrastructure as code but there is one I know of that attempts at threat modeling
Garth Boyd
01:15:14
But what type of threat modelling is also a question
Kassia Clifford
01:15:32
Anyone interested in joining our next Weekly Tuesday reshift demo, here's the link! https://us02web.zoom.us/webinar/register/WN_nFxrCs9rQ3OnG7M10Nwi6Q
Kassia Clifford
01:19:23
Blow your horn @Didar! We love shared tools!
Didar Gelici
01:19:55
I don’t want to blow my own horn here, but at the open security summit, we covered a few TM automation tools and their videos are at our youtube channel: https://www.youtube.com/playlist?list=PLxLweN1tBkoQEc2O9_SZtV5urGTn487os
Didar Gelici
01:20:32
thanks for having an open platform
John Adedigba
01:22:02
@ sherif, How did you get the spotbugs report after the GitHub actions run?
Svetozar Miucin
01:22:25
Gotta drop, thanks for the great talk!
Kassia Clifford
01:22:48
Awesome to have you back Nicholas and Barry!
Kassia Clifford
01:22:53
Thanks Svetozar!
Doug Caldwell
01:22:59
have to leave . thanks for a great webinar - looking forward to next week
Kassia Clifford
01:23:33
Thanks @ Doug, reach out if you'd like and we can chat offline! Otherwise see you next week!
Kassia Clifford
01:23:37
kclifford@softwaresecured.com
Shivani SACHAN
01:23:43
Great session looking forward to more
Kassia Clifford
01:24:16
Thanks for joining Shivani! Your friends are welcome :)
Olivia Harris
01:24:42
To send Sherif an email - sherif@softwaresecured.com
Meenakshi Sundaram Koushik
01:26:15
Thanks Sherif.
Didar Gelici
01:26:17
great session!
John Adedigba
01:26:29
Thanks Sherif!
Jacob Resnick
01:26:38
Thank you!
Nancy Gariché
01:27:10
Great! Thank you. Special kudos for the super well summarized Q&A answers! :) See you next week!
Nancy Gariché
01:27:25
I noticed! Well done.
Kassia Clifford
01:27:35
Thanks Nancy!
Ishaq Mohammed
01:27:40
Thanks sherif, amazing session