#devsecops
#DevSecOps is the future of software security. It's time to stop thinking of security as an afterthought and start integrating it into the development process from the very beginning.
Find out more in my upcoming book, "The DevSecOps Playbook: Deliver Continuous Security at Speed":
https://buff.ly/3qqdbjI

Free #Atlassian #Jira #cloud #DevSecOps tab offers a glimpse into possibilities for future expansion in #softwaresecurity for the vendor. Katie Norton of IDC weighs in on key areas of opportunity.
#softwaredevelopment #vulnerabilitymanagement #devopssecurity #cybersecurity
🚀 We have just released a brand new video on @GitHub Scheduled Pipelines!
🎥 In this, our 11th video, Padi and I will show you how to configure a Scheduled Pipeline for our #DevSecOps pipeline in #GitHub so that the pipeline runs at regular intervals.
After the Air Force's #software project was three years behind schedule and $317 million over budget with waterfall methodology, something had to change. Read how #DevSecOps is helping federal agencies be more responsive and spend less: https://www.releaseteam.com/devsecops-for-federal-agencies/

Just one week away! I'll be joining TechTalk Summits to speak about #DevSecOps and my upcoming book, The DevSecOps Playbook.
If you are a tech leader in the New York area join us at Michelin star restaurant, Al Coro, in Chelsea. You'll enjoy a three-course dinner, drinks, and great discussion.
Register today as seats are very limited and you must be approved to attend:
https://buff.ly/41wQoAt
AI-powered features included in GitLab 16 release https://www.fosslife.org/gitlab-16-released-new-ai-powered-features #AI #GitLab #DevSecOps #SoftwareDevelopment #security

SecOps 360 Day: An Event to Bridge IT and Security Gaps | via CyberSecDive
#SecOps #DevSecOps #ShiftLeft
https://www.cybersecuritydive.com/press-release/20230523-secops-360-day-an-event-to-bridge-it-and-security-gaps/
🔥⏲️ Fudge Sunday "Zero Tickets to Paradise" A look at the goal of attaining a near zero ticket developer experience with AIOps.
#developer #experience #devx #platformengineering #devops #devsecops #itsm #ticketless #reinvesting #productivity #productengineering #AIOps #mlops #machinelearningmodels #digitalacceleration #digitaltranformation #ticketfree #zerotickets #newsletter #newsletters
As APIs proliferate w/ cloud-native development, what do we need to do to secure them? Looking forward to this webinar with @filipv from No Name Security to discuss my latest research findings and best practices for API security
Join us here: https://nonamesecurity.zoom.us/webinar/register/WN_FYMRxXqbTK-3wSYXRBvzVA#/registration
#appsec #applicationsecurity #cloudsecurity #devsecops #apisecurity
Working on my @CloudLandFestival learning sessions 🌱
#Observability for Efficient #DevSecOps Pipelines
See you soon! https://www.cloudland.org/en/home/

Great to join TechTalk Summits and Gitlab to speak with other tech leaders about #DevSecOps last night in Newport Beach, CA.
If you missed it and are in the New York area, make sure to join me at the Tech Talk Summit CXO Roundtable at the Michelin star restaurant, Al Coro in #NYC on June 8.
https://techtalksummits.com/event/exclusive/cxo-roundtable-series/cxo-roundtable-new-york-ny

Developer team onboarding a breeze, running securely in your cloud or datacenter? 👀 On-demand, cloud-based development environments are here in Beta with #GitLab 16 - give it a try ⚡
"Accept the risk and continue" would be a good band name. #tls #devsecops
A developer’s guide to setting supply chain security in DevSecOps | #RedHat #Developer https://developers.redhat.com/e-books/developers-guide-setting-supply-chain-security-devsecops
#devsecops #Security
It's GitLab 16.0 Release Day 🚀
🤖 Code Suggestions - now available to everyone, with support for 13 languages and now the default multi-file code editor across GitLab.
🛡️ Browser-based DAST scanner has been improved to perform faster and more accurately.
📊 The Value Streams Dashboard is now generally available. Use it to gather insights into your metrics!
⚡️ The new Web IDE is now generally available.
Interested in joining the #GitLab team? Check out open positions for backend engineers, sales, and more on #OSJobHub https://opensourcejobhub.com/company/706/ #database #engineer #PostgreSQL #DevSecOps #sales #jobs #career #OpenSource

#GitLab 16.0 is here - so many great features to highlight 💡 #efficiency #devsecops #ai #aipowered #community #remotedevelopment #DevX
Learn more ⬇️
HIRING: DevSecOps Engineer / United States - Remote https://infosec-jobs.com/J31051/ #InfoSec #InfoSecJobs #Cybersecurity #jobsearch #hiringnow #CyberCareers #RemoteJob #Automation #CICD #DevOps #DevSecOps #EDR #Firewalls #IDS #IPS #Java #Kubernetes #Linux #Monitoring #Python
How to do Vulnerability Management in GitHub?
In our newest video, Padi and I show you the process of managing and tracking vulnerabilities using the GitHub Vulnerability Management (Security Tab).
How DevSecOps can mitigate the cyber risks of emerging technologies [Q&A] #QandA #CyberSecurity #DevSecOps
By integrating security into the development process, DevSecOps helps to identify and fix vulnerabilities early on, saving time and resources in the long run. #DevSecOps #ShiftLeft
A little help from AI ... to summarize #GitLab merge request reviews ⚡ #efficiency #devsecops
Morning on the first day of #DevOpsTalks #Sydney, and it's clear it should be renamed #DevSecOps talks :)
The main focus of everyone seems to be on #security, which is a good surprise and a relief. Getting more people interested and pushing good security practices in #development is bound to make everyone's life easier.
Second talk done by Ben Ridley an accountant turned #linux admin turned #DevSecOps consultant, currently working at #gitlab ...


DevSecOps isn't just a buzzword, it's a cultural shift in the software development process that prioritizes security at every stage.
#DevSecOps #SecurityFirst
Sigstore: Roots of trust for software artifacts - For the roughly five billion people who use the internet, only a tiny fraction have an... - https://www.infoworld.com/article/3696209/sigstore-roots-of-trust-for-software-artifacts.html#tk.rss_all #applicationsecurity #softwaredevelopment #opensource #devsecops #security

🔥⏲️ Fudge Sunday "It’s Not Easy Being GreenDevSecFinOps" A look at Green IT and green coding adoption cycles past, present, and future
#platformengineering #devsecops #finops #greencoding #hypecycle #hyperscalers #contentdeliverynetwork #iotdevelopment #LFC131 #future #software #coding #aiforgood #aiadoption #aiml #climatescience #climatetechnology #newsletters #newsletter #greenit
https://fudge.org/archive/its-not-easy-being-greendevsecfinops/
I weighed in on the challenges with managing secrets security with cloud-native development and GitGuardian's State of Secrets Sprawl Report.
https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html
#devsecops #cloudsecurity #applicationsecurity #appsec
Is DevOps dead 💀 ?
I've had the pleasure to discuss this controversial topic with @eoehrlich on the latest episode of the Humans of DevOps Podcast from the @DEVOPSINST.
👉 https://www.devopsinstitute.com/ep101-devops-is-not-dead

My new blog post addresses my issues with the concept of "shift left security." It's not wrong, it's just misunderstood.
Shifting left is about empowering developers to better secure their applications, freeing up security teams to scale to better support them. Security teams need to work with development throughout the SDLC to drive efficiency for remediation - helping both teams.
#devsecops #cloudsecurity #infosec #developersecurity #cnapp #applicationsecurity #appsec
Strengthen your product security with collaborative tools! Learn how to plan mitigation, identify abnormal behavior, and share security signals with other DevSecOps teams.
https://thehackernews.com/2023/05/strengthening-product-security.html
Did you know that GitLab can automate #software delivery and secure your end-to-end software supply chain with their DevSecOps platform? Read about the platform here: https://about.gitlab.com/solutions/dev-sec-ops/ #DevSecOps #DevOpsTools

Intro to Docker - I have just completed this room! Check it out: https://tryhackme.com/room/introtodockerk8pdqk #tryhackme #docker #devsecops #devops #security #introtodockerk8pdqk via @RealTryHackMe
Security needs to function as the pit crew enabling developers to speed through instead of taking a view of a cop. Learn from security metrics expert Richard Seiersen and watch our short video about key metrics for better cloud security and cloud-native application security. https://www.techtarget.com/searchsecurity/opinion/Cloud-native-security-metrics-for-CISOs
#applicationsecurity #appsec #cloudsecurity #securitymetrics #ciso #cso #devsecops #infosec #infosecurity
HIRING: Director of Cloud Security - 100% US REMOTE / Allen, TX, United States https://infosec-jobs.com/J29786/ #InfoSec #InfoSecJobs #Cybersecurity #jobsearch #hiringnow #CyberCareers #Allen #TX #UnitedStates #Automation #AWS #Azure #CICD #CISSP #Cloud #DevSecOps #Finance #GCP
HIRING: Cyber Security Consultant / London, United Kingdom https://infosec-jobs.com/J29843/ #InfoSec #InfoSecJobs #Cybersecurity #jobsearch #hiringnow #CyberCareers #London #UnitedKingdom #CISSP #DevSecOps #TOGAF #Vulnerabilities
I’ve just released attempt 2 at a workaround for monorepos with GitHub Advanced Security Code Scanning results, to let you filter by project 🚀
My last try didn’t work out, but I’ve taken a new tack ⛵️ and come back with a new ✨ way…
https://github.com/advanced-security/monorepo-filtering-workaround
The sample Actions workflow I’ve shown works for CodeQL, but you can apply the same idea to any Code Scanning integration.
#GitHub #SAST #GitHubAdvancedSecurity #MonoRepo #DevSecOps #SecureCoding
New arrival! Always a great feeling to hold the actual book in your hands.
#multicloud #cloud #devsecops #finops #aws #azure #gcp #oci #alibabacloud #aiops

I need to come up with some talk ideas for next autumn... #DevSecOps and #DevExperience as topics 🙃
DevOps onramp is kicking off now! So much great focus on #DevSecOps!
Awesome lineup with @AndiMann, @botchagalupe, @lnxchk and many other tech leaders. 9AM - 4PM EDT today.
https://www.techstrongevents.com/devopsonramp

It was a pleasure to co-author this article with a colleague and friend, Kristopher Morrison. Here are the top #JavaScript security risks and how to mitigate them:
https://www.stationx.net/javascript-security/
#cybersecurity #cybersec #infosec #infosecurity #webdev #webdevelopment #webapp #mobile #devsecops #devops #dev #developer #js
Wow! Investments Unlimited made the CIOs nominated reading list published by The Wall Street Journal! https://wsj.com/amp/articles/cios-nominate-their-favorite-reads-of-2022-11672178125 #devops #devsecops
🔥⏲️ Fudge Sunday "Press Rewind" This week we take a look at recent updates in software supply chain security that provide an ability to press rewind.
#security #software #supplychain #sbom #attestation #people #processes
#tools #devsecops #secops #platformengineering #devex #developerexperience #securecoding #internetofthings #embeddedsystems #exploits #computing #cloud #iotsecurity #newsletter #newsletters
I will believe that an organization takes application security seriously when a junior developer could ask for an extra week to implement security test cases in addition to building the feature. If not, you're only pretending to be #DevSecOps
HIRING: Senior Offensive Security Engineer / 100% Remote (UK/EU*) https://infosec-jobs.com/J28875/ #InfoSec #InfoSecJobs #Cybersecurity #jobsearch #hiringnow #CyberCareers #RemoteJob #UK #EU #Automation #AWS #Azure #CCSP #CICD #Cloud #Codeanalysis #DevSecOps #Exploits #GCP #Java
HIRING: Senior Director, Security Assurance / Remote https://infosec-jobs.com/J28855/ #InfoSec #InfoSecJobs #Cybersecurity #jobsearch #hiringnow #CyberCareers #RemoteJob #Audits #Automation #Compliance #DevSecOps #FedRAMP #Governance #ISO27001 #Monitoring #NIST #Privacy #SOC
DevSecCon is June 27th for 24 hours of non-stop DevSecOps action. Featuring experts and practitioners from the DevOps, development, and security communities, this event is a must-attend for anyone interested in secure software practices.
Learn, network, and collaborate on best practices, processes, and tooling at this free virtual conference!
Our Call for Papers is open until April 28th. Submit your talk today: https://sessionize.com/devseccon24-2023 #DevSecOps #security
Dev[Sec]OpsDays is coming to #Prague again in May. Why don't you join me? https://talkweb.eu/openweb/3775/
#devOps #devsecops #ThreatModeling #Prague #techops #platform #sre
I've opensourced Actions/scripts to enhance #GitHub Code Scanning
🔖 tag-sarif: for filtering results in a #monorepo
🧭 remap-sarif: for scanning code that transpiles to #JavaScript
tag-sarif attaches custom tags to results to allow filtering in the Code Scanning UI
remap-sarif lets you scan languages/frameworks, such as Dart/Next.js, using Source Maps
Source:
https://lnkd.in/dZerNsGs
https://lnkd.in/dvmruWDJ
Let's meet at #KubeConEU 🤗
🎯 GitLab code challenge (booth P1) with stroopwafels swag
⚡ Lightning talk: Efficient #DevSecOps Pipelines
💬 Chat about #Observability, #eBPF & AI
☕ Coffee/lunch/dinner
My availability is updated publicly: https://go.gitlab.com/dxMbWj
I’m attending #KubeCon + #CloudNativeCon in Amsterdam from April 19th - April 21st, and I invite you to stop by Booth P1 for my lightning talk Efficient DevSecOps pipelines in a cloud native world on April 19 at 19:30 CEST. https://bit.ly/3yvBn5j #DevSecOps
Did you know that you can now enable #GitHub Advanced Security features for all your personal repositories in one go? Go to https://github.com/settings/security_analysis to enable them!
Want to learn more about GitHub Advanced Security? Check out my LinkedIn Learning course on it! https://www.linkedin.com/learning/github-advanced-security/github-advanced-security?autoplay=true
New advisory! Viktor Chuchurski provides details on a CSRF protection bypass he discovered in Sveltekit. Ensure your apps are up-to-date.
#doyensec #appsec #javascript #DevSecOps #sveltekit #svelte
https://doyensec.com/resources/Doyensec_SvelteKit_CSRF_Protection_Bypass_Advisory.pdf
I'm excited to announce that my upcoming book, The DevSecOps Playbook: Delivering Continuous Security, is now available for pre-order on Amazon!
Whether you're a security professional, a developer, or a business leader, this book will give you the tools you need to adopt DevSecOps and deliver secure software at speed.
Pre-order your copy today and be among the first to get your hands on this essential resource!
https://a.co/d/c6UA1m4
Integrating with GitHub Actions – Amazon CodeGuru in your #DevSecOps Pipeline 👉 To analyze and detect potential security vulnerabilities in the code before deploying it https://aws.amazon.com/blogs/devops/integrating-with-github-actions-amazon-codeguru-in-your-devsecops-pipeline/ #AWS #DevOps #Security
forget #linecoverage use #mutationtestcoverage in #java and #kotlin with @_pitest - a short intro - #tdd #testcoverage #devsecops #innovation #java https://youtu.be/6Vej7YEOF8g
In June, I'm excited to join the German #cloudnative festival @CloudLandFestival Let's learn together! 🤗
⚡ Talk: Observability for Efficient #DevSecOps Pipelines
💡 Workshop: Learning #eBPF for better #Observability
Lineup: https://en.shop.doag.org/events/cloudland/2023/agenda/#eventDay.all
looking forward to seeing you at #KubeConEU 2023 in april 🌐
find me at the #GitLab booth 🦊 talk about efficient #DevSecOps ⚡ join great conversations & code challenges 💡grab swag ☀️ enjoy time together 🤗
Attention #CloudSecurity aficionados!
📣 Gartner® has published the first Market Guide for Cloud-Native Application Protection Platforms (CNAPP), marking a major turning point in cloud security.
🎉 Join Uptycs on Thursday March 23rd for their live discussion on the key takeaways from this guide: https://thn.news/cnapp-market-guide
👋 🌱 🐝 🤖 🛡️⛅ 👁️ 📚 🔖 🎯 🎥 🎤
Love to learn together, and follow the Ops in Dev newsletter?
Subscribe at https://buttondown.email/opsindev.news
⚡ Recording for my "Efficient #DevSecOps Pipelines in a Cloud-Native World" talk at @clt_news
Chemnitz Linux Days is here: https://go.gitlab.com/9gx7Om
🌱 Many best practices, #gitlab tips, and future ideas.
Efficient #DevSecOps pipelines in a cloud-native world - slides from my Chemnitz Linux Days talk, to learn & iterate async 🤗💡🌱🔥
This cheat sheet is by a practicing web developer (namely, yours truly), so grab it now:
https://www.stationx.net/xpath-cheat-sheet/
#cybersecurity #tech #networking #cybersec #infosec #infosecurity #network #security #data #techcommunity #devsecops #devops #developer #dev #xpath #web #webapp #webdev #app #appdev #webdevelopment #webdeveloper
New #WomeninCybersecurity show is out featuring the amazing and inspiring #appsec guru @SheHacksPurple! Find out how playing guitar got her into #cybersecurity and learn about her free #applicationsecurity training courses + resources https://www.esg-global.com/blog/women-in-cybersecurity-tanya-janca
#devsecops #cloudsecurity #securitytraining #infosec
⚡ I'm excited to speak at QCon London about my #eBPF learning story with debugging production, verifying #observability with #chaosengineering, and #eBPF benefits, risks, #DevSecOps to-dos : https://qconlondon.com/presentation/mar2023/monitoring-observability-ebpf-chaos?utm_campaign=community&utm_content=gitlab_developer_evangelism_talks&utm_source=mastodon&utm_medium=social&utm_budget=cmty
🤗 March 27-29, in-person or online at #QConLondon
Discount ⬇️
You can use this discount code to register for #QConLondon - MichaelFQUK2350
💡 Early bird runs until March 6. https://qconlondon.com/
See you soon in London! Make sure to visit the #GitLab booth and chat 🦊
🛡️ Secure your #GitLab CI/CD workflows using #OIDCJWT on a #DevSecOps platform
Learn about JSON Web tokens, their current CI/CD integration, and what's coming with GitLab 16.0 soon 🌱
THE BIG FIX 24-HOUR LIVESTREAM IS ABOUT TO START! https://www.youtube.com/watch?v=dVedZpqWybI #DevSecOps #TheBigFix
I've just published my latest blog post, titled "You can't do 'DevSecOps' without doing 'DevOps'".
If you want to level up your #AppSec organization and transform the way you work into #DevSecOps - start here:
Is "monitoring" a bad word now? I've noticed many people, especially vendors simply replacing "monitoring" with "observability" without really understanding what observability means.
⚡ GitLab 15.9 released
🔐 Secure CI/CD workflows with OIDC
🔥 Code suggestions in closed beta
🌱 Your work sidebar - incl. activity view
🏎️ Tasks: Convert Markdown checklists & quick actions
📈 Epics with child epics from different group hierarchies
A beginners tutorial with python-gitlab & advanced #DevSecOps use cases with the #GitLab API in one blog post: https://go.gitlab.com/JPIoWd
Kudos to the python-gitlab project, fantastic API library & pure joy using as a #Python developer (I literally could not stop writing the blog post) 🤗
Devs: We should add a kiosk mode to make the application safer.
Manager: No time for such nonsense, deploy it now.
#infosec #appsec #pentesting #blueteam #bugbounty #DevSecOps
Credit: @stux
#GitLab’s 2023 predictions: What’s next for #DevSecOps?
Including my predictions for #observability 💥
I have enabled GitHub's Secret scanning for 14k forked repositories from the Actions Marketplace. Here is what I have found (and why you should make sure you have this enabled)!
@The_Stitched That makes sense. I'm eyeing a #devsecops role at a company that by most accounts has pretty solid company culture and seems to really care about their employees. I imagine that would help combat the burnout. I appreciate the insight!
Hey #devops peeps - what is your best definition of the job? What do you do in your day-to-day? Bonus points for #devsecops info
I have a general idea of what the job entails and I'm interested in potentially working in the field, but should probably learn a bit more first 😅
🔥 Passionate about hands-on content to help educate everyone about #DevSecOps #cloudnative #AI #observability ?
🤗 #DevRel #opensource and #community engagement makes you happy ?
🌐 You live and breathe #remote #async #transparency #diversity ?
💥 YES to all of them? Apply now and join our amazing Developer Evangelism team at GitLab!
Security is everyone's responsibility.
I stole this from the training - it's facts.
#devsecops #devops
📢 TODAY (9:00 PST / 11:00 CST / 12:00 EST): Join Josh Kodroff @joshkodroff and Xe Iaso @cadey to learn how to use #Pulumi with Tailscale to seamlessly and securely connect your devices and #cloud resources using a modern, zero-trust model! 👉Register here: https://pulumip.us/Building-VPN
@edbro @SheHacksPurple oh trust me, I know a thing or two about #DevSecOps 😉 For the sake of space I was just giving a couple of examples 😊👍 and yes, Tanya is a fantastic person!
[Re. @PulumiCorp]
TOMORROW (11 AM CST): Join @JoshKodroff and Xe Iaso (@Tailscale) to learn how to use #Pulumi with Tailscale to seamlessly and securely connect your devices and #cloud resources using a modern, zero-trust model! 👉Register https://t.co/rwPHYfRXoz

[Re. @symops]
👋 Hello! We’re thrilled to announce our new integration with @tailscale for SSH access.
Sym’s approvals-as-code are the perfect complement to Tailscale’s ACLs-as-code — what more could a #DevSecOps engineer want?
Read our full announcement here: https://t.co/hLba3q2XHT 🎉