24 min

Off Script, Episode 40: Shifting security left

    • Technology

Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script!


In this episode:

00:00 Fictional Bugs - Investments Unlimited
01:00 DevSecOps
02:00 Moving security testing to the beginning
03:00 Reducing the friction of releases
04:00 Go through pain points early
05:00 Strict linting, function length, no unused variables
06:00 Early automated tests to prevent Git leaks
08:00 Making it easy for the developer
10:00 Bearer
11:00 Concise reporting
12:00 Dependabot
13:00 Secret Management
14:00 Making it easy to do the right thing
16:00 Having pride in your security
17:00 What if your language doesn’t have much security support?
19:00 Dynamic & Static languages
20:00 Language agnostic tools
21:00 Key takeaways

References:

https://itrevolution.com/product/investments-unlimited/
https://www.bearer.com/
https://github.com/dependabot

Find out more about Stac and Parallax:

https://stac.works
https://parall.ax
