The internet is a dangerous place. While new exploits are being created, new protections are being invented as well. Yet one question for the average developer has remained: How do you secure the software you are creating?
In this talk I want to tell the story of a team that is visited by three ghosts. The ghost of the DevSecOps past will show us where the team cheated in their codebase to go to market faster.
Then, the ghost of the DevSecOps present will show us what is available to shift our security process left. We will also see how we can make compliance happy by pinning our Kubernetes deployments to specific versions of container images.
While these tools have been around for some time, the process of finding new versions of dependencies has been a tedious one. On a journey with the ghost of the DevSecOps future, we will learn how we can automate and accelerate the update process with new tools like Renovate.