Security as Code, a DevSecOps Approach
Xavier René-Corail (@xcorail)
January 2023, Security As Code, xcorail

Planet Mars (https:/)
- What is different 9 years later?
- Inclusion in the SDLC
- 43% (https:/) ... that security testing is done late in the SDLC
- How can we play it all like NASA?
- Lessons learned from DevOps?

We need to empower developers

What motivates developers? Autonomy, Mastery, Purpose
- Autonomy: you are in control
- Mastery: you are learning and mastering a new skill
- Purpose: you know why you're doing what you're doing
- The opposite: "... from the experts, and you just do what you're told. You receive a list of issues."
- Give 'em code!

Security as Code
"Security as Code (SaC): the methodology of codifying security decisions that are then shared with other teams."

CodeQL: SAST (Static Analysis Security Testing)
- Query code as if it's data
- Describe what to find, not how to find it
- Logical, Declarative, Object-Oriented
- CodeQL extracts your code into a database: AST, semantics, control flow graph
- An optimized OO language to query this DB

Consumers and Writers

Consumers
- Comments in your PR
- Integrated in your existing SDLC
- Acts just as your usual peer reviewer
- Documentation attached, with remediation advice

Writers
- Automated, repeatable

Conclusion
- Included in my SDLC
- I can read it, I can learn
- Bonus: community-driven

Booth #G17
Thank you
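As an added illustration of the declarative "describe what to find, not how" style the deck attributes to CodeQL (this query is not from the slides or from GitHub's own query packs), here is a CodeQL query for Java that flags Runtime.exec calls whose command string is not a compile-time constant, so a reviewer can check where the command comes from. It assumes the standard CodeQL Java library (import java); the class name and query id are hypothetical.

```ql
/**
 * @name Runtime.exec call with a non-constant command
 * @description Reports process-execution calls whose command argument is not a
 *              compile-time constant, so the origin of the command can be reviewed.
 * @kind problem
 * @problem.severity warning
 * @id example/sac/non-constant-runtime-exec   (hypothetical id, not an official query)
 */

import java

// Object-oriented modelling: a class of AST nodes, not a procedure that walks the tree.
// Any call to java.lang.Runtime.exec(...), whichever overload is used.
class RuntimeExecCall extends MethodAccess {
  RuntimeExecCall() {
    this.getMethod().hasQualifiedName("java.lang", "Runtime", "exec")
  }

  // The command: first argument of every exec overload (String or String[]).
  Expr getCommand() { result = this.getArgument(0) }
}

// Declarative part: state the property of the result, the engine finds the matches.
from RuntimeExecCall call
where not call.getCommand() instanceof CompileTimeConstantExpr
select call,
  "Process execution with a non-constant command: " + call.getCommand().toString()
```

Running it against a CodeQL database built from a Java project lists every matching call with the message above; the same query can be packaged and shared with other teams, which is the "codified security decision" the SaC definition refers to.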