2026-05-06, IFEN room 3 Workshops and AI Security Village (Building D)
What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? This hands-on workshop explores that ideal using readily available open-source tools. We'll dissect the essential stages of a modern pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).
Through practical, step-by-step guidance, we'll implement key security checks like Static Application Security Testing (SAST), Software Composition Analysis (SCA), infrastructure vulnerability scanning, and secrets detection using popular OSS tools within a functional pipeline. While we'll showcase specific tools and configurations, the goal is not just replication, but understanding how and why these security controls work.
Discover the underlying principles of secure pipeline design and leave with actionable techniques to start building your own hardened, practical CI/CD pipeline.
Workshop repository: https://github.com/unicrons/secure-pipeline-workshop
Building Open Cloud Security at Prowler.
I started as a sysadmin, was a Site Reliability Engineer until a few years ago when I moved to the dark side... Security. I've been hooked on CTFs and anything with a scoreboard for a long time.
Starting the unicrons.cloud project to share knowledge about cloud security with the community.
I’m an SRE focused on Developer Productivity and Platform Engineering, with over 8 years of experience building tools that help developers work smarter. I pride myself on being highly pragmatic, always prioritizing solutions that balance efficiency and impact.
Oh, and fun fact: my right thumb is actually my toe. Yes, it’s as weird as it sounds, but I like to think I can give "Super Likes".