
Right-Sized DevSecOps For Open Source Projects

Presentation
This session was presented by David Shepard, Morgan Farrah, and Maxfield Kassel of Carnegie Mellon University at DevSecOps Days Washington D.C. 2024, held on September 18, 2024.
Publisher

Software Engineering Institute

Abstract

It’s no secret that running a DevSecOps pipeline typically requires significant resource investment, both time and money. This is especially problematic for open source projects and projects that simply do not have deep pockets. The good news is that DevSecOps doesn’t have to cost a lot! During this talk, we will demonstrate how to bootstrap a project with a full DSO pipeline, using only containers and free/open source tools. We will also demonstrate the excellent properties our approach has for security, scalability, and reproducibility across environments as the project grows in size.

David Shepard is a seasoned professional with experience in networking, servers, software design and test, process improvement, application security, big data, and machine learning. He has worked across many sectors and sizes of institutions. At the SEI, David focuses on cutting-edge research while maintaining his engineering roots. He holds multiple certifications and has been instrumental in several high-profile projects. David is passionate about continuous learning, innovation, and advancing technology and practices. He frequently shares his expertise at industry conferences and through various publications.

Morgan Farrah has worked at the SEI on the DevSecOps Innovation (DSOI) team for over a year now as an Assistant Technical Engagement Lead. Before this, Farrah studied at Colgate University and Penn State University, where she earned a B.A. in Computer Science and her general MBA. Farrah's professional background includes both leadership and DSOI experience.

Maxfield Kassel is a graduate student at Carnegie Mellon University, currently pursuing a master's degree in software engineering with a focus on scalable systems. He brings over five years of research experience, including four years dedicated to developing autonomous vehicle simulations at the University of Wisconsin-Madison (UW-Madison), where he earned his BS in computer science. Following his undergraduate work, Maxfield continued his research at UW-Madison's biochemistry department, where he specialized in creating visualization software for large datasets. Most recently, he interned at the Software Engineering Institute (SEI), where he concentrated on developing environments and pipelines for a variety of projects.