Secure DevOps: A Puma’s Tail

DevOps is changing the way that organizations design, build, deploy and operate online systems. Engineering teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Security must be reinvented in a DevOps world and take advantage of the opportunities provided by continuous integration and delivery pipelines. In this talk, we start with a case study of an organization trying to leverage the power of Continuous Integration (CI) and Continuous Delivery (CD) to improve their security posture. Then, we will focus on static analysis, how it fits into Secure DevOps, and introduce you to Puma Scan: a new open-source .NET static analysis tool. Live demonstrations will show Puma Scan identifying vulnerabilities inside Visual Studio and in a Jenkins continuous integration (CI) build pipeline. Attendees will walk away with a better understanding of how static analysis fits into DevOps and a .NET static analysis engine to help secure your organization’s applications.