DevOps West 2018 Concurrent Session: A Definition of Done for DevSecOps


Thursday, June 7, 2018 - 11:30am to 12:30pm

DevOps needs to consider many different aspects of software quality to deliver reliable software continuously. The term DevSecOps was developed to highlight that security is a key component of quality and cannot be ignored during continuous delivery. Join Gene Gotimer as he discusses how to determine a definition of done that includes security for DevOps pipelines. He'll discuss how continuous integration can invoke static analysis tools to test for security errors and check for software vulnerabilities. You'll learn how automated deployments and virtualization make dynamic environments available for testing in a production-like setting, and explore approaches to leverage existing regression tests to test for security as a side effect. Gene will reveal how a DevOps pipeline can be designed with security in mind. You will leave this presentation with an understanding of how to construct a definition of done that includes security and how to choose security testing practices that assure you are doing DevSecOps properly.

Gene Gotimer
Coveros, Inc.

Gene Gotimer is a senior architect at Coveros, Inc., a software company that uses agile methods to accelerate the delivery of secure, reliable software. As a consultant, Gene works with his customers to build software better, faster, and more securely by introducing agile development and DevOps practices. He has many years of experience with web-based enterprise application design and a variety of development ecosystems, including continuous integration, continuous delivery, and DevOps. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each is dependent on the other two, which makes DevOps that much more crucial to software development.