DevSecOps

Security in CI/CD, dependency scanning, container security, policy-as-code, and shift-left security practices.

Topics

Lessons

License compliance, vulnerability scanning, SBOM generation

OPA, Kyverno, Sentinel — automated compliance enforcement

Pre-commit hooks, pipeline-integrated credential detection

Pipeline hardening, OIDC auth, ephemeral credentials