DevSecOps Transformation at Speed and Scale Using Tekton - Caroline Cameron & Tony Higham, IBM
When every development team builds its own secure-software tooling against a constantly evolving threat landscape, the result is massive duplication of CI/CD automation work and inconsistent security and compliance postures across teams. The solution is to standardize CI/CD security and compliance automation for development teams and to centralize platform operations and maintenance. Our centralized CI/CD platform prevents software security problems from reaching production systems and streamlines compliance audits using built-in DevSecOps practices. Tekton is the open source orchestrator used to standardize CI/CD, and we contribute enhancements upstream through our ecosystem partnerships so that all users benefit. The platform includes open source scanning tools such as Clair for container image vulnerability scanning of open source components, SonarQube for SAST, and OWASP ZAP for DAST. It also extends the traditional CI and CD pipelines with a Continuous Compliance (CC) pipeline, which ensures that deployed applications are rescanned for newly published vulnerabilities on a daily basis, with the ability to auto-remediate identified vulnerabilities and to auto-close incident issues once they are resolved.
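As an added illustration (example configuration written for this page, not IBM's platform code), the shape of such a pipeline in Tekton: a reusable Task that runs the OWASP ZAP baseline scan and fails on findings, a Pipeline in which SAST, image scanning and DAST must all pass before the deploy task runs, and a Kubernetes CronJob that re-runs the DAST task against the deployed application every night, which is the Continuous Compliance loop described above. The Task names `sonarqube-scan`, `clair-scan` and `deploy-app`, the service account `tekton-runner` and the target URL are assumptions for the example; only `zap-baseline` is defined here.

```yaml
# Added example, not the talk's platform code. Assumes Tekton Pipelines (v1beta1 API)
# and a cluster where Tasks named sonarqube-scan, clair-scan and deploy-app exist.
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: zap-baseline
spec:
  params:
    - name: target-url
      type: string
  steps:
    - name: scan
      image: ghcr.io/zaproxy/zaproxy:stable
      script: |
        #!/bin/sh
        # zap-baseline.py exits 0 on pass, 1 on FAIL, 2 on WARN, 3 on error.
        # Any non-zero exit fails this TaskRun, so warnings gate the pipeline too
        # (pass -I to ignore warnings if the policy is FAIL-only).
        zap-baseline.py -t "$(params.target-url)"
---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: devsecops
spec:
  params:
    - name: target-url
      type: string
  tasks:
    - name: sast
      taskRef:
        name: sonarqube-scan      # assumed Task wrapping sonar-scanner
    - name: image-scan
      taskRef:
        name: clair-scan          # assumed Task wrapping a Clair client
    - name: dast
      taskRef:
        name: zap-baseline
      params:
        - name: target-url
          value: $(params.target-url)
      runAfter: [sast, image-scan]   # only run DAST once static gates pass
    - name: deploy
      taskRef:
        name: deploy-app          # assumed Task; never reached if any scan fails
      runAfter: [dast]
---
# Continuous Compliance: re-scan the already deployed application every night.
# Tekton has no built-in scheduler, so a CronJob creates a TaskRun with kubectl.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: continuous-compliance-dast
spec:
  schedule: "0 3 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          serviceAccountName: tekton-runner   # assumed; needs create on taskruns.tekton.dev
          restartPolicy: Never
          containers:
            - name: kick
              image: bitnami/kubectl:latest
              command: ["/bin/sh", "-c"]
              args:
                - |
                  kubectl create -f - <<EOF
                  apiVersion: tekton.dev/v1beta1
                  kind: TaskRun
                  metadata:
                    generateName: cc-dast-
                  spec:
                    taskRef:
                      name: zap-baseline
                    params:
                      - name: target-url
                        value: https://app.example.internal   # assumed deployed URL
                  EOF
```

The design point is that the same `zap-baseline` Task serves both loops: in CI it gates `deploy-app` via `runAfter`, and in the nightly CronJob it produces a fresh failing TaskRun when a newly published finding appears, which is the signal a compliance process needs to open (and later auto-close) an incident.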