Agile + DevOps West 2023 - DevOps Practices
Wednesday, June 7
.jpg%3Fitok=owdvb9yS&sc=99410af1980838bc65014bc2b12db659)
The Art of Defensive Programming
With every commit, the threat landscape increases. One single vulnerability is all a hacker needs. Vulnerabilities have multiple sources, and you must have a plan for securing each potential risk vector and identify vulnerabilities early. In this session, we will describe defensive coding techniques you can use as a daily practice and how you can build a security champion program. We will practically cover ways of identifying security vulnerabilities in your IDE using CodeQL as a Static Code Analysis tool. This is an important step in the pre-commit stage to identify security...
Shifting Left the Right Way–Improving DevSecOps
"Shift left" is the mantra of DevSecOps. The closer to our developers that we can move the prevention of a security vulnerability being introduced to our codebase, the cheaper and faster it is for our organization. However even in 2023 old vulnerabilities find their way into new pull requests and merges. We can't continue to "shift left" and hope for the best. Instead, our focus needs to turn to providing the right tools and resources to our developers at the right time. Proper techniques need to be as friction free as shortcuts, workflows integrated, and correction offered in clear...
Building Applications with Infrastructure as Code
How do you ensure consistency in your environments? How do you make sure the resources you deploy have the same configurations across different accounts? How can I see all of the configurations for all of my resources in one place? Infrastructure as code is the answer. Many developers start building applications from their cloud console. While great for learning, this is not a scalable method for building applications. In this session, learn how to move from the console to using infrastructure as code. You will learn how to construct applications that can be versioned and deployed...
Thursday, June 8
Best Practices: CI/CD with Micro Services
You have finally split your monolith into microservices. How do you validate a complex application and make it scale? Instead of having just one CI/CD pipeline, you have several. And as the number of microservices increases, so does the quantity of pipelines. As an outcome, managing pipelines for microservice applications can get out of hand, especially when you try to reuse common pipeline parts amongst different applications. If you apply monolithic solutions to microservice problems, you will have a bad time. If you treat microservices like monoliths, you’ll end up with thousands of...
Evolving QA for the Age of Agile
Do you feel like your agile efforts are continuously (pun intended) being stopped or slowed by QA? That is a common problem that several organizations need help fixing, not knowing that the source of the problem may not be (only) QA. Join Leandro Melendez as he takes you through the evolutions of a set of comic book mutant superpowers that our teams and organizations need to have quality in their software. In the talk, Leandro will guide you through the characteristics of genuine agile teams, some pitfalls they may be falling into, and much more on the organization's side. But as well, QA...
Continuous Build and Other DevOps Anti-Patterns and How to Overcome Them
Software development is hard and poorly implemented or broken tools, techniques, and patterns just make it worse. Learn to spot DevOps anti-patterns and how to work your way back to a sane way of working. Continuous Build is an anti-pattern that Tom Stiehm has seen often, where a team will have what they call Continuous Integration (CI) in place, but it only builds the code. There are no unit tests or static analysis run. Certainly, this is better than not building, but it leaves a lot of health check information on the table that is considered part of CI. Without this information, you can...