How to Build DevSecOps Pipeline as Code with Hasan Yasar
About this DevOps Toolchain Episode:
Last week, I shared a session from a previous Automation Guild, but this week, I’d like to share a session from our previous SecureGuild. So here is a presentation by Hasan Yasar on How to build a DevSecOps Pipeline as Code!
You’ve heard the hype and read dozens of blog posts on DevSecOps. Finally, your organization has decided to make this cultural shift to take advantage of automation and the benefits of DevOps.
However, making this shift as an engineering team can often be cumbersome because many tech professionals still need to familiarize themselves with the technologies required to implement a complete DevOps pipeline, including security automation.
In this talk, Hasan will introduce Microcosm, a miniature, secure DevOps pipeline he developed at the SEI, available through infrastructure as code. Microcosm represents a miniature version of a secure DevOps pipeline compared to what you find in a large enterprise environment.
Listen up as Hassan goes over crucial principles of the DevSecOps pipeline and shares his lesson-learned examples with the Security community.
TestGuild DevOps Toolchain Exclusive Sponsor
Get real-time data on real-user experiences – really.
Latency is the silent killer of apps. It’s frustrating for the user and under the radar for you. It’s easily overlooked by standard error monitoring. But now BugSnag, one of the best production visibility solutions in the industry, has its own performance monitoring feature: Real User Monitoring. It detects and reports real-user performance data – in real-time –so you can rapidly identify lags. Plus gives you the context to fix them. Try out Bugsnag for free today. No credit card is required.
About Hasan Yasar
Hasan Yasar is the Technical Director of Continuous Deployment of Capability group in Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate and assure Transformation at the speed of relevance by leveraging, DevSecOps, Agile, Lean AI/ML and other emerging technologies to create a Smart Software Platform/Pipeline. Hasan has more than 25 years’ experience as senior security engineer, software engineer, software architect and manager in all phases of secure software development and information modeling processes. He is also Adjunct Faculty member in CMU Heinz Collage and Institute of Software Research where he currently teaches “Software and Security” and “DevOps: Engineering for Deployment and Operations
Connect with Hasan Yasar
- Blog: www.hasan-yasar
- Twitter: www.securelifecycle
- LinkedIn: www.hasanyasar
- Git: www.hyasar
Rate and Review TestGuild DevOps Toolchain Podcast
Thanks again for listening to the show. If it has helped you in any way, shape or form, please share it using the social media buttons you see on the page. Additionally, reviews for the podcast on iTunes are extremely helpful and greatly appreciated! They do matter in the rankings of the show and I read each and every one of them.
Related Podcasts
About This Episode: Dynamic Application Security Testing (DAST) has a reputation problem. It’s noisy, slow, and often ignored by developers […]
About this DevOps Toolchain Episode: Support the show – try out Insight Hub free for 14 days now: https://testguild.me/insighthub In […]
About this DevOps Toolchain Episode: In this episode of the TestGuild DevOps Toolchain Podcast, Joe Colantonio sits down with Matt […]
About This Episode: In this episode of the TestGuild DevOps Toolchain Podcast, host Joe Colantonio sits down with Jennifer Rahmani, […]