As lead engineer for the DevOps team at Unity Ads, Rasmus has been part of building the teams vision on building tools and platforms facilitating a DevOps culture in the organization, by enabling dev teams to autonomously build and deploy services. Currently working on next steps of strengthening our DevSecOps practices, by building and integrating security tooling and workflows into our automation.
Scaling DevSecOps to Integrate Security Tooling for 100+ Deployments per Day
Through automated builds and deployments, teams can develop and run their services in production, including taking ownership of the quality of their services. Our next step at Unity has been to integrate security tooling better into the deployment process, e.g. avoiding container vulnerability scanning happening days or weeks after the actual deployment took place.
Best practices for securing your deployments involves running security scanning tools as early as possible during your CI/CD pipeline, not as an isolated step after service has been deployed to production.
This session will cover best security practices for securing your build and deployment pipeline, by showing how we have integrated security tools into our common build and deployment pipeline, allowing teams to easily take these into use for their services. Presentation will also include examples of actual tools along with our findings during this process.