While cloud native development brings a significantly shorter time-to-market and a whole new level of flexibility (and scalability) for new applications, the use of publicly available tools, code, libraries, etc. can also incur new business risks that can damage your organization's reputation and cost lots of money. There are several separate tools available to reduce such risk, but most of them only cover a small part of the supply chain and they are hardly ever DevOps friendly.

As a security-focused organization, we believe that bringing the functionalities together in a user-friendly, yet very powerful platform helps developers and DevOps teams to secure all steps of the supply chain without the burden of having to manage all individual aspects.

In this session, we demonstrate that it is pretty easy to make your code adhere to the organization's security policies without feeling blocked, that it hardly takes any effort to prevent your pipeline from failing over misconfigurations or the reuse of existing code, and that you can easily get full vulnerability and compliance visibility into your code dependencies. Then we will scan the artifact for compliance issues and vulnerabilities before deploying to a Kubernetes cluster and see how we mitigate some risk.

SIMON MELOTTE

After twelve years in networking and network security at BNP Paribas Fortis, Engie and NRB, Simon took on the challenge in 2019 of creating a new team at NRB to meet customer demands on public cloud and microservices. Today, Simon works as Prisma Cloud Solutions Architect at Palo Alto Networks, where his focus is to reduce multi-cloud complexities and improve security, stability, scalability, and velocity. A sporadic web developer (PHP, Laravel), Simon enjoys automating infrastructure with infrastructure-as-code tools such as Ansible or Terraform.