SlideShare a Scribd company logo

DevSecOps Days London - Teaching 'Shift Left on Security'

Chris Swan
Chris Swan

Deck with backup screenshots of live demo of DevOps Dojo Yellow belt module 'Shift Left on Security' where students incorporate the OWASP dependency checking into a Jenkins CD pipeline around the Springboot Pet Clinic app.

Technology
1 of 22
Download to read offline
© 2017 DXC Technology Company. All rights reserved. March 22, 2019 Teaching 'Shift Left on Security' Chris Swan (@cpswan) Fellow, VP, CTO Global Delivery
March 22, 2019 Chris Swan – Why Me? Combat Systems Engineer - Royal Navy Security R&D - Credit Suisse CTO Security - UBS CTO - Cohesive Networks CTO Global Infrastructure Services - CSC CTO Global Delivery - DXC Technology @cpswan
March 22, 2019 3© 2018 DXC Technology Company. All rights reserved. DXC Technology at a glance $21+Bglobal IT services leader 250+partner network with best-of-breed partners 60+years of innovation employees worldwide ~130,000 9streamlined offering families countries 70+ Agile/DevOps professionals 10,000+#19 of CR Magazine’s 100 Best Corporate Citizens for 2018 ~6,000clients 200+ Fortune 500 companies16 strategic partners
March 22, 2019 4© 2018 DXC Technology Company. All rights reserved. DevOps Dojo by the numbers so far 14,000+ 650+ 2700+
March 22, 2019 5© 2018 DXC Technology Company. All rights reserved. Stripe 1 Modules
March 22, 2019 6© 2018 DXC Technology Company. All rights reserved. Story / Character based
March 22, 2019 7© 2018 DXC Technology Company. All rights reserved. Welcome
March 22, 2019 8© 2018 DXC Technology Company. All rights reserved. Setting the scene
March 22, 2019 9© 2018 DXC Technology Company. All rights reserved. Startup
March 22, 2019 10© 2018 DXC Technology Company. All rights reserved. Jenkins
March 22, 2019 11© 2018 DXC Technology Company. All rights reserved. A week has passed…
March 22, 2019 12© 2018 DXC Technology Company. All rights reserved. Adding OWASP dependency checker
March 22, 2019 13© 2018 DXC Technology Company. All rights reserved. Add the scanner to the pipeline
March 22, 2019 14© 2018 DXC Technology Company. All rights reserved. The broken build :/
March 22, 2019 15© 2018 DXC Technology Company. All rights reserved. Removing stale dependencies
March 22, 2019 16© 2018 DXC Technology Company. All rights reserved. The ground moves beneath our feet
March 22, 2019 17© 2018 DXC Technology Company. All rights reserved. It worked that time
March 22, 2019 18© 2018 DXC Technology Company. All rights reserved. Setting up daily scans
March 22, 2019 19© 2018 DXC Technology Company. All rights reserved. Badge!
March 22, 2019 20© 2018 DXC Technology Company. All rights reserved. GitHub used for support
March 22, 2019 21© 2018 DXC Technology Company. All rights reserved. Students have polished the bugs out
© 2017 DXC Technology Company. All rights reserved. Time for Questions?

Recommended

TechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudTechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudRobb Boyd
 
Up 100
Up 100Up 100
Up 100Anirudh Srivastava
 
Velocity Quarterly Fall 2017 Issue
Velocity Quarterly Fall 2017 IssueVelocity Quarterly Fall 2017 Issue
Velocity Quarterly Fall 2017 IssueConcord Project Technologies Inc.
 
Upcoming Events 2017 for a Java Software Developer - Ted's Tool Time
Upcoming Events 2017 for a Java Software Developer - Ted's Tool TimeUpcoming Events 2017 for a Java Software Developer - Ted's Tool Time
Upcoming Events 2017 for a Java Software Developer - Ted's Tool TimeTed Vinke
 
CWIN17 Rome / Cultivate your ecosystem with a holistic disgital platform
CWIN17 Rome / Cultivate your ecosystem with a holistic disgital platformCWIN17 Rome / Cultivate your ecosystem with a holistic disgital platform
CWIN17 Rome / Cultivate your ecosystem with a holistic disgital platformCapgemini
 
Node Haven One Pager
Node Haven One PagerNode Haven One Pager
Node Haven One PagerEtheralabs
 
[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloud
[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloud[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloud
[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloudNur Shiqim Chok
 
Naresh Hingorani at SCCPulse 2017
Naresh Hingorani at SCCPulse 2017Naresh Hingorani at SCCPulse 2017
Naresh Hingorani at SCCPulse 2017Bristlecone SCC
 

Recommended

TechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudTechWiseTV Workshop: Stealthwatch Cloud
TechWiseTV Workshop: Stealthwatch CloudRobb Boyd
 
Up 100
Up 100Up 100
Up 100Anirudh Srivastava
 
Velocity Quarterly Fall 2017 Issue
Velocity Quarterly Fall 2017 IssueVelocity Quarterly Fall 2017 Issue
Velocity Quarterly Fall 2017 IssueConcord Project Technologies Inc.
 
Upcoming Events 2017 for a Java Software Developer - Ted's Tool Time
Upcoming Events 2017 for a Java Software Developer - Ted's Tool TimeUpcoming Events 2017 for a Java Software Developer - Ted's Tool Time
Upcoming Events 2017 for a Java Software Developer - Ted's Tool TimeTed Vinke
 
CWIN17 Rome / Cultivate your ecosystem with a holistic disgital platform
CWIN17 Rome / Cultivate your ecosystem with a holistic disgital platformCWIN17 Rome / Cultivate your ecosystem with a holistic disgital platform
CWIN17 Rome / Cultivate your ecosystem with a holistic disgital platformCapgemini
 
Node Haven One Pager
Node Haven One PagerNode Haven One Pager
Node Haven One PagerEtheralabs
 
[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloud
[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloud[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloud
[Cisco Connect 2018 - Vietnam] Joseph yap journey to the multi cloudNur Shiqim Chok
 
Naresh Hingorani at SCCPulse 2017
Naresh Hingorani at SCCPulse 2017Naresh Hingorani at SCCPulse 2017
Naresh Hingorani at SCCPulse 2017Bristlecone SCC
 
GraphTour - DXC - Digital Explorer
GraphTour - DXC - Digital ExplorerGraphTour - DXC - Digital Explorer
GraphTour - DXC - Digital ExplorerNeo4j
 
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vnNur Shiqim Chok
 
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless worldAgile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless worldChris Swan
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docxgerardkortney
 
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...webwinkelvakdag
 
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp Kenta Suzuki
 
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. ServiceDXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. ServiceLukas Ott
 
Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)Maria Xinhe Shen
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Maria Xinhe Shen
 
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS User Group - Thailand
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Maria Xinhe Shen
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsTechWell
 
Cisco Connect Ottawa 2018 dev net
Cisco Connect Ottawa 2018 dev netCisco Connect Ottawa 2018 dev net
Cisco Connect Ottawa 2018 dev netCisco Canada
 
Data Con LA 2019 - Startup Showcase Lexset
Data Con LA 2019 - Startup Showcase LexsetData Con LA 2019 - Startup Showcase Lexset
Data Con LA 2019 - Startup Showcase LexsetData Con LA
 
micro:bit WeTeach_CS Resource Palooza - Sept 2019
micro:bit WeTeach_CS Resource Palooza - Sept 2019micro:bit WeTeach_CS Resource Palooza - Sept 2019
micro:bit WeTeach_CS Resource Palooza - Sept 2019Hal Speed
 
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.Dean Bonehill ♠Technology for Business♠
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Maria Xinhe Shen
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
How to build containerized architectures for deep learning - Data Festival 20...
How to build containerized architectures for deep learning - Data Festival 20...How to build containerized architectures for deep learning - Data Festival 20...
How to build containerized architectures for deep learning - Data Festival 20...Antje Barth
 
LNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesLNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesChris Swan
 
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsSOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsChris Swan
 

More Related Content

Similar to DevSecOps Days London - Teaching 'Shift Left on Security'

GraphTour - DXC - Digital Explorer
GraphTour - DXC - Digital ExplorerGraphTour - DXC - Digital Explorer
GraphTour - DXC - Digital ExplorerNeo4j
 
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vnNur Shiqim Chok
 
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless worldAgile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless worldChris Swan
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnNetworkCollaborators
 
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docxgerardkortney
 
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...webwinkelvakdag
 
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp Kenta Suzuki
 
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. ServiceDXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. ServiceLukas Ott
 
Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)Maria Xinhe Shen
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Maria Xinhe Shen
 
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS User Group - Thailand
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Maria Xinhe Shen
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsTechWell
 
Cisco Connect Ottawa 2018 dev net
Cisco Connect Ottawa 2018 dev netCisco Connect Ottawa 2018 dev net
Cisco Connect Ottawa 2018 dev netCisco Canada
 
Data Con LA 2019 - Startup Showcase Lexset
Data Con LA 2019 - Startup Showcase LexsetData Con LA 2019 - Startup Showcase Lexset
Data Con LA 2019 - Startup Showcase LexsetData Con LA
 
micro:bit WeTeach_CS Resource Palooza - Sept 2019
micro:bit WeTeach_CS Resource Palooza - Sept 2019micro:bit WeTeach_CS Resource Palooza - Sept 2019
micro:bit WeTeach_CS Resource Palooza - Sept 2019Hal Speed
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Maria Xinhe Shen
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
How to build containerized architectures for deep learning - Data Festival 20...
How to build containerized architectures for deep learning - Data Festival 20...How to build containerized architectures for deep learning - Data Festival 20...
How to build containerized architectures for deep learning - Data Festival 20...Antje Barth
 

Similar to DevSecOps Days London - Teaching 'Shift Left on Security' (20)

GraphTour - DXC - Digital Explorer
GraphTour - DXC - Digital ExplorerGraphTour - DXC - Digital Explorer
GraphTour - DXC - Digital Explorer
 
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
[Cisco Connect 2018 - Vietnam] Huu thang ho data center transformation - vn
 
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless worldAgile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
Agile Enterprise Rome 2018 - Ops and Security in a PaaS and Serverless world
 
Cisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vnCisco Connect 2018 Vietnam - data center transformation - vn
Cisco Connect 2018 Vietnam - data center transformation - vn
 
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
© 2017 Cisco andor its affiliates. All rights reserved. Ci.docx
 
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
VERSNEL INNOVATIE MET DATA SCIENCE - WERK SAMEN, OPERATIONALISEER EN SCHAAL M...
 
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
Kubernetes based connected vehicle platform #k8sjp_t1 #k8sjp
 
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. ServiceDXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
DXC Industrialized A.I. – Von der Data Story zum industrialisierten A.I. Service
 
Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)
 
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
AWS Meetup: Career Day 2019 - Lightning Talk with Cloud Career Path: DevOps E...
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
 
Cisco Connect Ottawa 2018 dev net
Cisco Connect Ottawa 2018 dev netCisco Connect Ottawa 2018 dev net
Cisco Connect Ottawa 2018 dev net
 
Data Con LA 2019 - Startup Showcase Lexset
Data Con LA 2019 - Startup Showcase LexsetData Con LA 2019 - Startup Showcase Lexset
Data Con LA 2019 - Startup Showcase Lexset
 
micro:bit WeTeach_CS Resource Palooza - Sept 2019
micro:bit WeTeach_CS Resource Palooza - Sept 2019micro:bit WeTeach_CS Resource Palooza - Sept 2019
micro:bit WeTeach_CS Resource Palooza - Sept 2019
 
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
IDC FutureScape : Worldwide Internet of Things 2017 Predictions.
 
Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)Developer Report 2021 (Published: January 2021)
Developer Report 2021 (Published: January 2021)
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
 
How to build containerized architectures for deep learning - Data Festival 20...
How to build containerized architectures for deep learning - Data Festival 20...How to build containerized architectures for deep learning - Data Festival 20...
How to build containerized architectures for deep learning - Data Festival 20...
 

More from Chris Swan

LNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesLNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesChris Swan
 
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsSOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsChris Swan
 
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdfAll Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdfChris Swan
 
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
Fluttercon Berlin 23 - Dart & Flutter on RISC-VFluttercon Berlin 23 - Dart & Flutter on RISC-V
Fluttercon Berlin 23 - Dart & Flutter on RISC-VChris Swan
 
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an OrganisationQConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an OrganisationChris Swan
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterChris Swan
 
QConSF 2022 - Backends in Dart
QConSF 2022 - Backends in DartQConSF 2022 - Backends in Dart
QConSF 2022 - Backends in DartChris Swan
 
London IoT Meetup Sep 2022 - End to end encrypted IoT
London IoT Meetup Sep 2022 - End to end encrypted IoTLondon IoT Meetup Sep 2022 - End to end encrypted IoT
London IoT Meetup Sep 2022 - End to end encrypted IoTChris Swan
 
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
Flutter Vikings 2022 - End to end IoT with Dart and FlutterFlutter Vikings 2022 - End to end IoT with Dart and Flutter
Flutter Vikings 2022 - End to end IoT with Dart and FlutterChris Swan
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?Chris Swan
 
Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...Chris Swan
 
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
Flutter Festival London 2022 - End to end IoT with Dart and FlutterFlutter Festival London 2022 - End to end IoT with Dart and Flutter
Flutter Festival London 2022 - End to end IoT with Dart and FlutterChris Swan
 
Full Stack Squared 2022 - Power of Open Source
Full Stack Squared 2022 - Power of Open SourceFull Stack Squared 2022 - Power of Open Source
Full Stack Squared 2022 - Power of Open SourceChris Swan
 
Flutter Vikings 2022 - Full Stack Dart
Flutter Vikings 2022 - Full Stack DartFlutter Vikings 2022 - Full Stack Dart
Flutter Vikings 2022 - Full Stack DartChris Swan
 
Droidcon London 2021 - Full Stack Dart
Droidcon London 2021 - Full Stack DartDroidcon London 2021 - Full Stack Dart
Droidcon London 2021 - Full Stack DartChris Swan
 
Keeping a project going
Keeping a project goingKeeping a project going
Keeping a project goingChris Swan
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Chris Swan
 
TMS9995 on RC2014
TMS9995 on RC2014TMS9995 on RC2014
TMS9995 on RC2014Chris Swan
 
CloudCamp London Nov 2019 Intro
CloudCamp London Nov 2019 IntroCloudCamp London Nov 2019 Intro
CloudCamp London Nov 2019 IntroChris Swan
 
Cooking with a touch of science and a dash of engineering
Cooking with a touch of science and a dash of engineeringCooking with a touch of science and a dash of engineering
Cooking with a touch of science and a dash of engineeringChris Swan
 

More from Chris Swan (20)

LNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesLNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data Services
 
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsSOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
 
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdfAll Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
 
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
Fluttercon Berlin 23 - Dart & Flutter on RISC-VFluttercon Berlin 23 - Dart & Flutter on RISC-V
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
 
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an OrganisationQConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
 
QConSF 2022 - Backends in Dart
QConSF 2022 - Backends in DartQConSF 2022 - Backends in Dart
QConSF 2022 - Backends in Dart
 
London IoT Meetup Sep 2022 - End to end encrypted IoT
London IoT Meetup Sep 2022 - End to end encrypted IoTLondon IoT Meetup Sep 2022 - End to end encrypted IoT
London IoT Meetup Sep 2022 - End to end encrypted IoT
 
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
Flutter Vikings 2022 - End to end IoT with Dart and FlutterFlutter Vikings 2022 - End to end IoT with Dart and Flutter
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
 
Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...
 
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
Flutter Festival London 2022 - End to end IoT with Dart and FlutterFlutter Festival London 2022 - End to end IoT with Dart and Flutter
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
 
Full Stack Squared 2022 - Power of Open Source
Full Stack Squared 2022 - Power of Open SourceFull Stack Squared 2022 - Power of Open Source
Full Stack Squared 2022 - Power of Open Source
 
Flutter Vikings 2022 - Full Stack Dart
Flutter Vikings 2022 - Full Stack DartFlutter Vikings 2022 - Full Stack Dart
Flutter Vikings 2022 - Full Stack Dart
 
Droidcon London 2021 - Full Stack Dart
Droidcon London 2021 - Full Stack DartDroidcon London 2021 - Full Stack Dart
Droidcon London 2021 - Full Stack Dart
 
Keeping a project going
Keeping a project goingKeeping a project going
Keeping a project going
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021
 
TMS9995 on RC2014
TMS9995 on RC2014TMS9995 on RC2014
TMS9995 on RC2014
 
CloudCamp London Nov 2019 Intro
CloudCamp London Nov 2019 IntroCloudCamp London Nov 2019 Intro
CloudCamp London Nov 2019 Intro
 
Cooking with a touch of science and a dash of engineering
Cooking with a touch of science and a dash of engineeringCooking with a touch of science and a dash of engineering
Cooking with a touch of science and a dash of engineering
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

DevSecOps Days London - Teaching 'Shift Left on Security'

  • 1. © 2017 DXC Technology Company. All rights reserved. March 22, 2019 Teaching 'Shift Left on Security' Chris Swan (@cpswan) Fellow, VP, CTO Global Delivery
  • 2. March 22, 2019 Chris Swan – Why Me? Combat Systems Engineer - Royal Navy Security R&D - Credit Suisse CTO Security - UBS CTO - Cohesive Networks CTO Global Infrastructure Services - CSC CTO Global Delivery - DXC Technology @cpswan
  • 3. March 22, 2019 3© 2018 DXC Technology Company. All rights reserved. DXC Technology at a glance $21+Bglobal IT services leader 250+partner network with best-of-breed partners 60+years of innovation employees worldwide ~130,000 9streamlined offering families countries 70+ Agile/DevOps professionals 10,000+#19 of CR Magazine’s 100 Best Corporate Citizens for 2018 ~6,000clients 200+ Fortune 500 companies16 strategic partners
  • 4. March 22, 2019 4© 2018 DXC Technology Company. All rights reserved. DevOps Dojo by the numbers so far 14,000+ 650+ 2700+
  • 5. March 22, 2019 5© 2018 DXC Technology Company. All rights reserved. Stripe 1 Modules
  • 6. March 22, 2019 6© 2018 DXC Technology Company. All rights reserved. Story / Character based
  • 7. March 22, 2019 7© 2018 DXC Technology Company. All rights reserved. Welcome
  • 8. March 22, 2019 8© 2018 DXC Technology Company. All rights reserved. Setting the scene
  • 9. March 22, 2019 9© 2018 DXC Technology Company. All rights reserved. Startup
  • 10. March 22, 2019 10© 2018 DXC Technology Company. All rights reserved. Jenkins
  • 11. March 22, 2019 11© 2018 DXC Technology Company. All rights reserved. A week has passed…
  • 12. March 22, 2019 12© 2018 DXC Technology Company. All rights reserved. Adding OWASP dependency checker
  • 13. March 22, 2019 13© 2018 DXC Technology Company. All rights reserved. Add the scanner to the pipeline
  • 14. March 22, 2019 14© 2018 DXC Technology Company. All rights reserved. The broken build :/
  • 15. March 22, 2019 15© 2018 DXC Technology Company. All rights reserved. Removing stale dependencies
  • 16. March 22, 2019 16© 2018 DXC Technology Company. All rights reserved. The ground moves beneath our feet
  • 17. March 22, 2019 17© 2018 DXC Technology Company. All rights reserved. It worked that time
  • 18. March 22, 2019 18© 2018 DXC Technology Company. All rights reserved. Setting up daily scans
  • 19. March 22, 2019 19© 2018 DXC Technology Company. All rights reserved. Badge!
  • 20. March 22, 2019 20© 2018 DXC Technology Company. All rights reserved. GitHub used for support
  • 21. March 22, 2019 21© 2018 DXC Technology Company. All rights reserved. Students have polished the bugs out
  • 22. © 2017 DXC Technology Company. All rights reserved. Time for Questions?