Adapting DevOps in a World of Growing Software Supply Chain Attacks

Updated on January 13, 2022
GOTO Copenhagen 2021
Adam Such
Adam Such

Principal Solutions Architect for the Nordics region at Sonatype

As we embrace movements like CI/CD and DevOps to cut down on release cycles - and innovate faster, we as developers must also embrace the reality that the risk landscape is too complex to leave “security” to just those with security in their title.

Instinctively, we understand how critical this is, especially in a time of growing high profile attacks on software supply chains across the world - most recently Dependency Confusion, the Cloudflare and SolarWinds breach - embracing security as a development team has never been more important.

Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline - but instead aid it - preventing costly rebuilds and build failures, down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within our native tools — an approach that ensures security is being built in without slowing us down.

In this talk, you'll learn about: