BSidesLuxembourg 2026

Level Up Your CI/CD: Building a secure pipeline with OSS
2026-05-07, Main Stage

What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? In this talk, we'll explore that ideal using readily available open-source tools. We'll walk through the essential stages of a modern secure pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).

We'll cover seven key security stages: pipeline security scanning, code security analysis (SAST and SCA), secrets detection, container scanning, Infrastructure as Code scanning and runtime infrastructure scanning. You'll learn not just which tools to use, but why these security controls matter and how they work together.

Leave with a clear understanding of secure pipeline design principles and actionable techniques to start building your own hardened CI/CD pipeline.


This talk is a companion presentation to our hands-on workshop, distilling the key concepts and tool demonstrations into a focused session suitable for all attendees.

Workshop repository: https://github.com/unicrons/secure-pipeline-workshop


Building Open Cloud Security at Prowler.

I started as a sysadmin, was a Site Reliability Engineer until a few years ago when I moved to the dark side... Security. I've been hooked on CTFs and anything with a scoreboard for a long time.

Starting the unicrons.cloud project to share knowledge about cloud security with the community.

I’m an SRE focused on Developer Productivity and Platform Engineering, with over 8 years of experience building tools that help developers work smarter. I pride myself on being highly pragmatic, always prioritizing solutions that balance efficiency and impact.
Oh, and fun fact: my right thumb is actually my toe. Yes, it’s as weird as it sounds, but I like to think I can give "Super Likes".
