View More Details & Registration
Please note: All Sessions are in Japan Standard Time Zone (UTC+09:00)
Back To Schedule
Thursday, December 3 • 10:45 - 11:35
The Practice and Implantation of DevSecOps - Jihai Zhou, Tencent
Feedback form is now closed.
Banks are very sensitive on data and therefore have a very high standard for the cyber security. Since 2018, we started to integrate Cyber Security into DevOps culture by running DevSecOps program, which aims to shift left the Cyber security mindset to the development teams through promoting DevSecOps tools combined with the relevant trainings. In this presentation, we will share how to integrate DevSecOps tools, such as Checkmarx, Contrast and Sonatype IQ into development CICD pipeline to discover vulnerability and produce reports through cyber security testing and scanning source code and 3rd party libraries. In addition, we will demonstrate three different ways to provide cyber security training to help development teams gradually grow their knowledge to have the capability to fix the vulnerability reported by DevSecOps tools, as well as establishing the new mindset over the time Finally, we build up a DevSecOps maturity model to measure the level of development teams’ cyber security ability. Based on the maturity level, the cyber security assessment before the production deployment will be simplified to benefit the development team (speed up the deliver)



DevOps Senior Architect, Tencent
Jihai graduated from Imperial College London as a PhD and started to work on DevOps from 2012 as the DevOps Lead/Champion in Barclays bank in the UK. His experience covers implementing DevOps tooling, leading the Technology transformation, managing DevOps teams, running DevOps Community... Read More →

Thursday December 3, 2020 10:45 - 11:35 JST
Virtual 5