Title: RoboCop: Bringing law and order to CICD
In the movie, RoboCop is given three primary directives: “Serve the public trust, Protect the innocent, and Uphold the law”. We built our own RoboCop to bring law and order to our CI/CD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. To keep pace in a DevOps culture, application security must be reliably integrated into the CI/CD pipeline.
In this talk, we will show how our small AppSec team combined automated tools with human oversight to achieve our directives at scale, while winning the hearts and minds of our development teams.