Repository for the DevConf CZ 2024 session "Implementing DevSecOps in Production with StackRox and Tekton".
In this session we demonstrate how to build DevSecOps pipelines for production with StackRox and Tekton, together with other open source security tools such as Sigstore.
We show how to reduce security risk in CI/CD pipelines by applying DevSecOps practices and securing the software supply chain with continuous scanning and runtime protection. We also show how to shift security left, detecting and remediating vulnerabilities and misconfigurations before they affect workloads in production.
Finally, we show how to give developers automated guardrails by integrating StackRox with DevOps and security tooling such as Sigstore and Quay, building robust production-ready DevSecOps pipelines.
- Demo 1 - Installing DevSecOps tooling with GitOps in ARO (Azure Red Hat OpenShift)
- Demo 2 - Using StackRox to check vulnerabilities in container images
- Demo 3 - Using Cosign to check vulnerabilities in container images
- Demo 4 - DevSecOps image signature verification pipeline
- Demo 5 - Hacking a Tekton pipeline with unsigned container images
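The core of Demos 4 and 5 is a pipeline step that refuses to deploy an image whose Sigstore signature cannot be verified, so that the "unsigned image" attack simply fails closed. The following Tekton Task is an added example written for this README; it is not a Task from this repository or from the StackRox or Tekton projects. It assumes a Secret named `cosign-public-key` carrying the file `cosign.pub` (the public half of the key used by `cosign sign`), and the Task name, parameter names and cosign image tag are illustrative choices.

```yaml
# Added example (not from this repository): a Tekton Task that gates on a
# Cosign signature. Tekton v1 API; assumes the cosign public key is stored in
# a Secret named "cosign-public-key" under the key "cosign.pub".
apiVersion: tekton.dev/v1
kind: Task
metadata:
  name: verify-image-signature   # illustrative name
spec:
  description: >-
    Fail the pipeline unless IMAGE carries a valid Cosign signature made with
    the private key matching the mounted public key.
  params:
    - name: IMAGE
      type: string
      description: Image reference to verify; must be digest-pinned (repo@sha256:...)
    - name: PUBLIC_KEY_SECRET
      type: string
      description: Secret containing cosign.pub
      default: cosign-public-key
  volumes:
    - name: cosign-key
      secret:
        secretName: $(params.PUBLIC_KEY_SECRET)
  steps:
    - name: cosign-verify
      # Pin this tag (or better, a digest) in a real pipeline instead of :latest.
      image: gcr.io/projectsigstore/cosign:latest
      volumeMounts:
        - name: cosign-key
          mountPath: /keys
          readOnly: true
      script: |
        #!/usr/bin/env sh
        set -eu
        IMAGE='$(params.IMAGE)'

        # A mutable tag can be re-pointed at a different (unsigned or malicious)
        # image between verification and deployment, so only accept digests.
        case "$IMAGE" in
          *@sha256:*) ;;
          *) echo "refusing tag reference, expected repo@sha256:<digest>: $IMAGE" >&2
             exit 1 ;;
        esac

        # cosign verify exits non-zero when no signature matches the key,
        # which makes the Task (and therefore the PipelineRun) fail closed.
        cosign verify --key /keys/cosign.pub "$IMAGE" >/dev/null
        echo "signature verified for $IMAGE"
```

Run this Task before the deploy step and pass the digest produced by the build step (for example the `IMAGE_DIGEST` result of a buildah or kaniko Task) as `IMAGE`. An image that was pushed without `cosign sign`, or signed with a different key, makes `cosign verify` return a non-zero exit status, the step aborts under `set -e`, and the deploy step never runs; that is the behaviour Demo 5 exercises.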
TBD