
CDF Workshop: Securing your CI/CD Pipeline from Code to Deployment

June 9, 2023 | June 23rd, 2023 | Blog, Staff

We’re happy to announce the first Continuous Delivery Workshop! This one will help you secure your pipeline from one end to the other. The workshop format is the perfect learning environment. There won’t be any judgment and you’ll get to ask your questions live!

When: June 22, 2023
Time: 8 am PST (Compare to your timezone)

*Live event has passed.

What You’ll Learn

The first step in protecting your software supply chain should be to add security actions to your CI/CD pipeline, from scanning your repos to locking down your builds. The pipeline should evolve to include available open source tools that can shift your DevOps pipeline to a DevSecOps pipeline. In this CDF workshop, Steve Taylor will cover 5 phases of the DevOps process that must be reinforced to improve your supply chain security. You will also learn about new open source security tooling that you can immediately add to your pipeline to implement good security practices.

You will learn:

  • What phases of the pipeline need security actions.
  • How to implement the OpenSSF Security Scorecard.
  • Where signing and SBOM generation should be added.
  • How to understand SLSA and how the Pyrsia decentralized package network can help you achieve SLSA compliance.
  • How to use Ortelius as an evidence store to consolidate security logs and build an organizational-level security profile. 
  • How CDEvents will simplify adding new tooling to your pipeline to maintain a secure software supply chain. 

Securing your organization from cyber hacks is not just the job of production teams. It is time for development teams to play their part. Building security into your CD Pipelines is the first step. This workshop will help you get there. 

Who Should Attend

This workshop is intended for DevOps Engineers, Security Professionals, and software developers who are involved in implementing pipeline tooling to harden the software factory. It is designed with individuals who have experience in CI/CD in mind. 

Speaker: Steve Taylor

Steve Taylor is the CTO and Co-founder of DeployHub. He is recognized as a visionary and industry leader in the area of microservices, open source security, Kubernetes, DevOps process improvement, software build and release, and software supply chain. Steve was designing continuous delivery pipelines for Fortune 1000 companies before the term ‘continuous integration’ was ever used. He is the mastermind behind OpenMake Meister, a build automation solution that has served its customers for over 20 years. Steve is also the architect of DeployHub, the first commercial security and pipeline evidence catalog. Steve is a primary contributor to the Ortelius CDF project, the Pyrsia CDF project, and currently serves as a CDF TOC Board Member. Steve received the CDF Top Contributor award for 2023, and Top Pyrsia Contributor for 2023.

Prior to DeployHub, Steve was the Chief Architect and CFO of OpenMake Software where he was committed to keeping the Meister Build automation solution relevant to its 400+ customers, as well as keeping the company’s financials sound and without the need for outside investment. 

Find Steve on Social

📇 LinkedIn: Steve Taylor
🐦 Twitter: @DeployHubProj