BSidesLuxembourg 2026

Andoni Alonso

Building Open Cloud Security at Prowler.

I started as a sysadmin, was a Site Reliability Engineer until a few years ago when I moved to the dark side... Security. I've been hooked on CTFs and anything with a scoreboard for a long time.

Starting the unicrons.cloud project to share knowledge about cloud security with the community.


Sessions

05-06
14:00
240min
Level Up Your CI/CD: Building a secure pipeline with OSS
Andoni Alonso, Paco Sanchez

What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? This hands-on workshop explores that ideal using readily available open-source tools. We'll dissect the essential stages of a modern pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).

Through practical, step-by-step guidance, we'll implement key security checks like Static Application Security Testing (SAST), Software Composition Analysis (SCA), infrastructure vulnerability scanning, and secrets detection using popular OSS tools within a functional pipeline. While we'll showcase specific tools and configurations, the goal is not just replication, but understanding how and why these security controls work.

Discover the underlying principles of secure pipeline design and leave with actionable techniques to start building your own hardened, practical CI/CD pipeline.

IFEN room 3 Workshops and AI Security Village (Building D)

05-07
10:35
40min
Level Up Your CI/CD: Building a secure pipeline with OSS
Andoni Alonso, Paco Sanchez

What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? In this talk, we'll explore that ideal using readily available open-source tools. We'll walk through the essential stages of a modern secure pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).

We'll cover seven key security stages: pipeline security scanning, code security analysis (SAST and SCA), secrets detection, container scanning, Infrastructure as Code scanning, and runtime infrastructure scanning. You'll learn not just which tools to use, but why these security controls matter and how they work together.

Leave with a clear understanding of secure pipeline design principles and actionable techniques to start building your own hardened CI/CD pipeline.

Main Stage