In 2023, the demand for secure software development skills is at an all-time high. As DevOps professionals, we need to focus on secure CI/CD pipelines, helping developers secure code, and securing supply chains. During this workshop we’ll discuss best practices to lock down CI pipelines and how to …
In this half-day workshop: We look at how to implement secure coding practices, and then move on to discuss the ins and outs of modern continuous integration. After we lock down our CI pipelines, we’ll look at how to find vulnerabilities in our dependencies. Armed with that information we’ll learn …
Panelist at OpenSSF Day during Open Source Summit North America.
Let’s get it out of the way early: it’s not always clear how you can best plug into organizations like OpenSSF. That’s why I’m writing this guest blog post as an “outsider.” I’m just your average tech employee who has become progressively more involved since my company, Sonatype, became members of …
Organizer and host of this annual event. The topic was recently announced for 2023. Security Slam is a 30-day challenge designed to help creators and users of CNCF projects improve their software supply chain security at scale. Participants will have access to the Security Slam Library, which will …