Join us for an exclusive opportunity to hear from Kohsuke Kawaguchi, the developer and founder of Jenkins and CloudBees’ Vice President of Engineering and Co-head of AI. Kohsuke’s insights have been instrumental in transforming modern software development, and he will share his inspiring personal journey alongside his vision for the intersection of artificial intelligence and where he thinks the best innovation opportunities are.
This event also features Sunil Mavadia, Field CTO at CloudBees, who will provide an in-depth look at CloudBees’ strategic direction and the key differentiators that make it a leader in the market. Learn how CloudBees is empowering developers and organizations to ship reliable code faster while staying competitive in an evolving industry.
This event is tailored for developers, QA engineers, software testers, and technology decision-makers who want to stay at the forefront of DevOps innovation. You’ll gain valuable insights into:
Kohsuke Kawaguchi’s Journey: Get firsthand knowledge of how Jenkins became the bedrock of modern CI/CD pipelines
AI in Testing: Learn about AI-augmented approaches to quality assurance AI-Driven Test Intelligent solutions that enable faster and more efficient software testing.
CloudBees’ Market Differentiators: Hear from Sunil Mavadia about the strategies that set CloudBees apart as a leader in helping teams ship code reliably and effectively.
Actionable Insights: Walk away with practical knowledge that can help your team prioritize what matters, improve efficiency, and deliver better software, faster.
We look forward to seeing you in Palo Alto! Together, we’ll explore how innovation in software testing and DevOps can drive your team toward greater productivity and success.
Continuous Integration and Continuous Delivery (CI/CD) pipelines have become indispensable in modern software development. These pipelines are critical touchpoints where code-level vulnerabilities, container security issues, and vulnerability remediation efforts converge. As the demand for stronger security measures grows across the software lifecycle—from code to cloud—CI/CD teams face increasing pressure to embed robust cybersecurity guardrails directly into their processes.
The CD Foundation’s CI/CD Cybersecurity SIG (Special Interest Group) aims to address this challenge by advancing security tooling within CI/CD pipelines. This group will define DevSecOps best practices and develop frameworks to enable secure pipeline implementation, ensuring seamless security integration from code to cloud.
Why This SIG Is Needed
The necessity of this SIG is underscored by rising industry challenges and trends:
1. Rising Vulnerabilities:
In 2024 alone, over 500,000 new vulnerabilities were identified.
Many vulnerabilities remain unaddressed for over a year, exposing organizations to significant risks.
IBM research shows that delays in vulnerability remediation cost enterprises an average of $5.5 million annually.
2. Expanding Threat Landscape with AI:
The rapid development of AI-driven solutions has introduced new security challenges.
This trend has broadened the attack surface, particularly in securing pipelines associated with Large Language Models (LLMs) and other AI workloads.
While organizations like the Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF) are developing innovative security tools, discussions around their integration within CI/CD pipelines remain limited. Addressing this gap is critical for the evolution of CI/CD practices.
SIG Goals and Objectives
The CI/CD Cybersecurity SIG seeks to:
1. Develop Integration Frameworks:
Create specifications and standards for integrating open source and proprietary security tools into CI/CD pipelines.
2. Promote Security Best Practices:
Establish security guardrails for CI/CD teams, focusing on key areas like:
Code-level security
Container security
Vulnerability management
3. Identify and Evaluate Emerging Tools:
Act as a resource for evaluating and recommending security tools to meet evolving CI/CD requirements.
4. Collaborate with Industry Leaders:
Engage with CNCF, OpenSSF, and other relevant communities to promote cross-industry collaboration.
Scope of Work
The SIG will undertake the following key activities:
Develop and disseminate frameworks, playbooks, and guidelines for securely integrating security tooling within CI/CD.
Provide recommendations for securing pipelines used in AI and LLM deployments.
Identify gaps in current CI/CD security tooling and collaborate with the community to address these gaps.
Review and enhance existing security recommendations tailored specifically to CI/CD pipelines.
The CI/CD Cybersecurity SIG represents a pivotal initiative to enhance security in CI/CD pipelines and address modern cybersecurity demands. By focusing on integration frameworks, security best practices, and emerging tooling, the SIG will support organizations in embedding robust security measures into every stage of their CI/CD processes. This effort will ensure a resilient and secure software development lifecycle, empowering teams to build and deploy software with confidence.
Listen in on the discussion about the impact of generative AI and explore various use cases and implications of the technology in the context of continuous delivery.
