The Challenge and Solutions to Implement DevSecOps into Large Banks
Join us for Kubernetes Forums Seoul, Sydney, Bengaluru and Delhi - learn more at kubecon.io
Don’t miss KubeCon + CloudNativeCon 2020 events in Amsterdam March 30 - April 2, Shanghai July 28-30 and Boston November 17-20! Learn more at kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects
The Challenge and Solutions to Implement DevSecOps into Large Banks - Jihai Zhou & Weiqiang Yang As one of the largest banks in the world, we have run a few years DevOps program in HSBC Technology to establish DevOps culture and mindset between teams. Since 2018, we starts to integrate Cyber Security into DevOps culture by running DevSecOps program. We aim to shift left the Cyber security mindset to the development teams through promoting DevSecOps tools combined with the relevant training. In this presentation, we will share how to integrate DevSecOps tools, such as Checkmarx, Contrast and Sonatype IQ into development CICD pipeline to produce vulnerability dashboard In addition, we will demonstrate three different ways to provide cyber security training to help development teams gradually grow their knowledge to have the capability to fix the vulnerability reported by DevSecOps tools, as well as establishing the brand new mindset over the time