DevOps World | Jenkins World 2018

DevSecOps is so much more than automating the scan button - it spans the entire stack and the full software lifecycle including development *and* operations. In this talk, we'll focus on layering security tools on a continuous integration/continuous delivery pipeline without disrupting it. We'll demonstrate a fast, effective, scalable DevSecOps pipeline using free tools. In development, we'll use IAST (Interactive Application Security Testing) to accurately pinpoint vulnerabilities in real time without scanning. And in production, we'll use RASP (Runtime Application Self-Protection) to gain comprehensive visibility of attacks in operations and prevent exploits. The result: continuous protection without disrupting DevOps.