Open source libraries and frameworks like the npm package manager, Log4j and Spring have been a core part of many projects and are now being exposed as potential vulnerabilities, causing us all to reevaluate our approach to securing our code. This last year has been an eye-opening experience for many, as software supply chain attacks and vulnerabilities have been increasing at an alarming rate. Automation of DevOps components has been a key focus for many companies for years and has been implemented successfully at some level of maturity. A gap has been exposed to the broader global community, illustrating a need to shift left on security and find ways to secure the SDLC through developer-led, proactive automation of security best practices, processes and scanning to mitigate potential vulnerabilities before and during deployment.
The audience can be from any role, including managers, developers, operations and others with an interest in strengthening the security posture of their organization or community project by enhancing existing automation or building new automation into their SDLC. Attendees will gain an understanding of software supply chain security solutions, frameworks and standards, and how they might incorporate them in their enterprise.