Mar 27 2024 24 mins
Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script!
In this episode:
- 00:00 Fictional Bugs - Investments Unlimited
- 01:00 DevSecOps
- 02:00 Moving security testing to the beginning
- 03:00 Reducing the friction of releases
- 04:00 Go through pain points early
- 05:00 Strict linting, function length, no unused variables
- 06:00 Early automated tests to prevent Git leaks
- 08:00 Making it easy for the developer
- 10:00 Bearer
- 11:00 Concise reporting
- 12:00 Dependabot
- 13:00 Secret Management
- 14:00 Making it easy to do the right thing
- 16:00 Having pride in your security
- 17:00 What if your language doesn’t have much security support?
- 19:00 Dynamic & Static languages
- 20:00 Language agnostic tools
- 21:00 Key takeaways
References:
- https://itrevolution.com/product/investments-unlimited/
- https://www.bearer.com/
- https://github.com/dependabot
Find out more about Stac and Parallax: