Adapting DevOps in a World of Growing Software Supply Chain Attacks • Adam Such • GOTO 2021


This presentation was recorded at GOTO Copenhagen 2021. #GOTOcon #GOTOcph
Adam Such - Principal Solutions Architect for the Nordics region at Sonatype
ABSTRACT
Instinctively, we understand how critical this is, especially in a time of growing high-profile attacks on software supply chains across the world, most recently Dependency Confusion and the Cloudflare and SolarWinds breaches. Embracing security as a development team has never been more important. Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline but instead aid it, preventing costly rebuilds and build failures down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools, an approach that ensures security is being built in without slowing [...]
TIMECODES
00:00 Intro
02:12 What you will learn
03:00 Why is there a new wave of cybersecurity attacks?
06:34 Where do vulnerabilities enter your supply chain?
12:37 Typosquatting
15:46 Namespace confusion
18:06 Malicious code injections
20:40 How to prevent future attacks?
22:30 8 Rules
31:20 Outro
RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner's Guide
Forsgren, Humble & Kim • Accelerate: The Science of Lean Software and DevOps
John Arundel & Justin Domingus • Cloud Native DevOps with Kubernetes
Wynne, Hellesoy & Tooke • The Cucumber Book
Robert C. Myers • Essential Test-Driven Development
Roy Osherove • The Art of Unit Testing
Eric Ries • The Lean Startup
Ronnie Mitra & Irakli Nadareishvili • Microservices: Up and Running

#DevOps #FutureOfDevOps #Maven #npm #GoLang #NuGet #RubyGems #PyPI #CyberSecurity #Security #DevSecOps #Typosquatting #NamespaceConfusion #CodeInjections #MTTU