The OWASP DevSlop team are back with "Patty", a new module of the project consisting of a DevSecOps pipeline made with Azure DevOps Pipelines, passing negative unit tests, all of the checks in the pipeline, storing its secrets in Key Vault, releasing into Azure. This entire system/project is open-sourced as part of the project as live streaming and recorded videos, so that developers can watch each of the lessons, add it to their own pipelines, and have a head start on DevSecOps. The talk will consist mostly of a start-to-finish demo of the system, finishing with the DevSlop team releasing their own website live, on stage, using the pipeline.
For many people 'the cloud' and DevSecOps can be a bit mysterious. Let's clear this up with a nice, long, slow demo of how to load up an app in your editor, make a change, run it through your pipeline (and pass the security checks!), then publish it into the cloud. One step at a time.
OWASP DevSlop: DevSecOps with Azure DevOps Pipelines (T08) - Las Vegas 2019