2022-06-29, 16:30–16:50, Hall 3
Python remains a very popular programming and scripting language in the DevOps ecosystem for building CI/CD pipelines. In the same way we think about how we design and build our Python applications, we need to design, build and automate security.
The minimum viable security (MVS) approach enables us to bake security into our config files, apps and CI/CD processes with a few simple controls built for Python applications.
In this talk we will focus on five critical security controls integrated into the CI/CD pipeline: Bandit for static application security testing (SAST), Gitleaks to detect hard-coded or insufficiently protected secrets, Python dependency checks (software composition analysis, SCA), infrastructure as code (IaC) scanning, and ZAP for API and dynamic application security testing (DAST), in addition to custom controls to ensure that MFA is properly enforced via GitHub security settings. These controls provide a foundational framework for securing Python applications from the first line of code, one that makes it possible to continuously iterate and evolve our security maturity toward the advanced layers of security that often come with time and increased experience.
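As an added illustration of how one of these controls becomes a pipeline gate (example code, not the speaker's material): a Python script that reads Bandit's JSON report and fails the CI job only on findings that meet a severity/confidence policy, so noisy low-severity results do not block merges. The report content below is constructed; the field names (`results`, `issue_severity`, `issue_confidence`, `test_id`) are the ones Bandit emits with `-f json`, and the thresholds and suppression list are assumed policy choices.

```python
"""CI gate for Bandit (SAST) output: fail the job only on findings that meet
the team's severity/confidence policy.  Produce the report first with:
    bandit -r . -f json -o bandit.json
"""
import json
import sys

# Bandit's ranking vocabulary; UNDEFINED is below every policy threshold.
RANK = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample in Bandit's JSON layout (not output of a real scan).
SAMPLE_REPORT = json.dumps({"results": [
    {"test_id": "B105", "issue_severity": "LOW", "issue_confidence": "MEDIUM",
     "filename": "app/settings.py", "line_number": 12,
     "issue_text": "Possible hardcoded password: 'changeme'"},
    {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "filename": "app/tasks.py", "line_number": 40,
     "issue_text": "subprocess call with shell=True identified"},
    {"test_id": "B311", "issue_severity": "LOW", "issue_confidence": "HIGH",
     "filename": "app/ids.py", "line_number": 7,
     "issue_text": "Standard pseudo-random generators are not suitable for security"},
]})


def blocking_findings(report_json, min_severity="MEDIUM", min_confidence="MEDIUM",
                      suppressed_tests=()):
    """Return findings that violate the policy: severity AND confidence at or
    above the thresholds, and test_id not on the explicit suppression list."""
    report = json.loads(report_json)
    return [
        r for r in report.get("results", [])
        if RANK[r["issue_severity"]] >= RANK[min_severity]
        and RANK[r["issue_confidence"]] >= RANK[min_confidence]
        and r["test_id"] not in suppressed_tests
    ]


def gate(report_json, **policy):
    """Return (passed, findings).  An unknown severity/confidence value raises
    KeyError instead of silently passing, so a malformed report fails the build."""
    findings = blocking_findings(report_json, **policy)
    return (len(findings) == 0, findings)


if __name__ == "__main__":
    # Use the report path given on the command line, else the constructed sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    passed, findings = gate(data)
    for f in findings:
        print(f"{f['filename']}:{f['line_number']} [{f['test_id']} "
              f"{f['issue_severity']}/{f['issue_confidence']}] {f['issue_text']}")
    sys.exit(0 if passed else 1)
```

Suppressions should be reviewed like any other policy exception; a suppressed test ID is a decision, not a fix.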
Code examples will be showcased as part of this session.