DevConf.cz 2022 has ended
Back To Schedule
Saturday, January 29 • 11:30am - 11:55am
DevSecOps in a Nutshell: The CRDA Platform

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

DevSecOps stands for development, security, and operations. It's an approach to integrate security at every phase of the software development lifecycle, from integration, testing, deployment, and software delivery.

One of the essential things to ensure security is by auditing package dependencies for security vulnerabilities, it helps users to detect and fix known vulnerabilities in dependencies they used which could cause data loss, service outages, unauthorized access and other security violations.

In this session I will be showing "How a developer/organization can audit their project dependencies at the Development, Deployment and Delivery phase, using a single platform known as CodeReady Dependency Analytics." This platform can take care of vulnerability scanning at every phase of the software development lifecycle and it not only provides vulnerability details but also shows users the GitHub statistics to get the popularity of packages, license analysis to get information of package license.

This platform provides vulnerability and compliance analysis at following steps of SDLC

1). Feature development:- CRDA provides extensions for some of the most used IDEs to help developers find and fix vulnerabilities while writing the code. Users can also use CRDA CLI to scan dependencies from the terminal.

2). Build Pipelines:- At this stage users can leverage CRDA by using it in build pipelines, for it CRDA is available as GitHub Action, Jenkins Plugin and Tekton Task.

3). Containerization:- Once images are built it can be scanned for vulnerabilities using CRDA integration available in Clair image scanner and when image is pushed to Quay repo CRDA can scan image for vulnerabilities.

In the session I will talk about all capabilities of CRDA and demonstrate its usage in SDLC.

Session chairs: Dita Stehlikova and Irina Gulina

avatar for Jayendra Parsai

Jayendra Parsai

Software Engineer, Red Hat
Software Engineer @Red Hat | Python | Java | Docker | Microservices | Openshift | AWS

Saturday January 29, 2022 11:30am - 11:55am CET
Session Room 1