Shifting left significantly reduces costs and diminishes release delays. Continuous security validation should be added at each step from development through production to help ensure the application is always secure. We can then switch the conversation with the security team from approving each release to approving the CI/CD process and having the ability to monitor and audit the process at any time.
In this session, we’ll be focusing on work done with Pride in London (a project using Gatsby2, Contentful and Netlify) and showing you how to create a secure continuous integration/continuous deployment pipeline. You’ll learn how GitHub Marketplace helped the team automating and improving our workflow with different tools for accessibility, code coverage, code review, code quality, security and other functionalities (ChatOps with Slack). You’ll also find out what OWASP is and how to improve the workflow for your own open source projects using GitHub Marketplace applications.
Sonya is a lifelong traveler who lived in the Middle-East, North Africa and Asia and is always looking for new challenges. She has made a career switch from International Business Consultant in Saudi Arabia and Singapore to Full Stack Software Engineer in South Korea to Lead Security Engineer at Photobox Group. Before coming to the UK, she was based in South Korea for 6 years where she learnt Korean and worked for several Korean companies. Sonya is a Tech Advocate and a public speaker in the UK tech scene. She is also a mentor for women in tech, a cybersecurity writer for FreeCodeCamp publications and an active member of the tech community in London. Her motto is #GetSecure, #BeSecure & #StaySecure.