DevSecOps in a Bottle—The Care and Feeding of Pocket Pipelines
DevSecOps techniques give us the power of receiving rapid feedback and the ability to incorporate new information on an ongoing basis. However, challenges arise when the development pipeline must be established without connection to external networks. There are excellent reasons for doing this, including reducing security risks to systems and proprietary data, but a little more consideration is required to provide our teams on pocket networks the same benefits of an end-to-end DevSecOps pipeline implementation for our container application. We will draw on our practical experience during a project where we containerized a legacy software application. During this project, we walked through design concerns such as automatability, sustainability, security vulnerabilities and mitigation of containers, and the deployment and testing of containers in an isolated environment. We will discuss the pitfalls and triumphs of DevSecOps in these environments, as well as the importance to maintaining a DevSecOps mindset regardless of the available tools.
Jennifer Hwe is a Lead DevSecOps Engineer for Northrop Grumman and has been working in the industry for over 16 years. She has been a part of many teams such as development, quality assurance, operations and site reliability engineering as a DevSecOps engineer for a wide variety of companies (finance, entertainment, gaming, health care and marketing). Jennifer is very passionate about process automation, security vulnerability reporting and mitigation, containerization, and large scale application deployments.