DevConf.CZ

Implementing DevSecOps in Production with Stackrox and Tekton
2024-06-15 , E104 (capacity 72)

In this session, we will demonstrate how to implement DevSecOps pipelines in production using Stackrox and Tekton and other Open Source Security tools such as Sigstore among others.

We will demonstrate how to eliminate security risks on our CICD pipelines implementing DevSecOps, and securing the software supply chain providing continuous scanning and runtime protection. On the other hand, we will demonstrate how to shift the security left, detecting and remediating vulnerabilities and misconfigurations that could affect the security of our workloads in production.

Finally we will depict how to provide to the developers automated guardrails, integrating Stackrox with DevOps and security tools such as Sigstore and Quay among others, building robust productive DevSecOps pipelines.

See also:

Roberto is a Principal AI Platform Architect specializing in Container Orchestration Platforms (OpenShift & Kubernetes), Cloud, DevSecOps, and AI/ML. With over 10 years of experience in system administration, cloud infrastructure, and DevSecOps automation, he holds two MSc degrees in Telco Engineering and AI/ML.

This speaker also appears in:

Philipp is part of the EMEA OpenShift Black Belt team at Red Hat, focusing on the managed cloud offerings. He has worked in the IT industry for about 20 years in various roles, from development to cloud infrastructure consulting. Over the last few years, Philipp has worked extensively on Kubernetes-related topics, planning and implementing Kubernetes platforms with various local and international companies.