Agile + DevOps West 2023 - DevOps Practices

With every commit, the threat landscape increases. One single vulnerability is all a hacker needs. Vulnerabilities have multiple sources, and you must have a plan for securing each potential risk vector and identify vulnerabilities early. In this session, we will describe defensive coding techniques you can use as a daily practice and how you can build a security champion program. We will practically cover ways of identifying security vulnerabilities in your IDE using CodeQL as a Static Code Analysis tool. This is an important step in the pre-commit stage to identify security...

Organizations face numerous challenges during their journey to Digital Cloud Transformation—the most pressing challenges are frequent failures and the absence of a “big-picture” mindset. Driven by KPMG’s quest to deliver a superior customer experience, their Digital Cloud Transformation framework delivers improved quality, reduced time to market, reliability, and sustainable Cloud Transformation. Moving away from the archaic approach from replicating traditional regression onto cloud integration validations, KPMG has helped customers minimize risk and increase test coverage by E2E...

"Shift left" is the mantra of DevSecOps. The closer to our developers that we can move the prevention of a security vulnerability being introduced to our codebase, the cheaper and faster it is for our organization. However even in 2023 old vulnerabilities find their way into new pull requests and merges. We can't continue to "shift left" and hope for the best. Instead, our focus needs to turn to providing the right tools and resources to our developers at the right time. Proper techniques need to be as friction free as shortcuts, workflows integrated, and correction offered in clear...

Everyone in your organization has probably discussed automation at least once. But who is responsible for automation? And what are the automation strategies for your organization? Several factors should be considered before jumping into automation. In this session, Lisette Zounon will share her personal experiences and cover case studies and successful quality transformation. Lisette will also cover what to consider for your automation strategies because it always depends on your organization and what you are trying to achieve. Attendee takeaways from this session include identifying your...

You have finally split your monolith into microservices. How do you validate a complex application and make it scale? Instead of having just one CI/CD pipeline, you have several. And as the number of microservices increases, so does the quantity of pipelines. As an outcome, managing pipelines for microservice applications can get out of hand, especially when you try to reuse common pipeline parts amongst different applications. If you apply monolithic solutions to microservice problems, you will have a bad time. If you treat microservices like monoliths, you’ll end up with thousands of...

Microservices, CI/CD, DevOps, GitOps, cluster networking, etc.—more and more teams are building software fundamentally differently than they did even a few years ago. However, testing approaches and tooling have not caught up yet. At least not until now. What if you could apply the same type of GitOps and DevOps methodologies to your testing activities? Tests could be deployed and stored in a Kubernetes cluster, they could be decoupled from your CI/CD, orchestrated in the cluster in the same way you do with your applications and not in your CI/CD, publish results aggregated in a common...