DevOps in the Spotlight

T08 OWASP DevSlop: DevSecOps with Azure DevOps Pipelines


9:30am - 10:45am

Level: Introductory to Intermediate

Tanya Janca



The OWASP DevSlop team are back with "Patty", a new module of the project consisting of a DevSecOps pipeline made with Azure DevOps Pipelines, passing negative unit tests, all of the checks in the pipeline, storing it’s secrets in Key Vault, releasing into Azure. This entire system/project is open-sourced as part of the project as live streaming and recorded videos, so that developers can watch each of the lessons, add it to their own pipelines, and have a head start on DevSecOps. The talk will consist mostly of a start-to-finish demo of the system, finishing with the DevSlop team releasing their own website live, on stage, using the pipeline.

For many people 'the cloud' and DevSecOps can be a bit mysterious. Let's clear this up with a nice, long, slow demo of how to load up an app in your editor, make a change, run it through your pipeline (and pass the security checks!), then publish it into the cloud. One step at a time.