[BSL2024] Turnkey Code - Enhancing Secrets Management in Large Scale Organizations - Diogo Lemos
- Published: 13 Dec 2024
- This talk will explore the implementation and benefits of secrets scanning tools, addressing challenges and solutions for managing secrets effectively across large organizations. It will include insights from real-world implementations, focusing on reducing false positives, managing secrets in multiple repositories, and integrating security measures into CI/CD pipelines.
In this talk, Diogo Lemos will explore the concept of ‘Turnkey Code’ as a metaphor to emphasize the crucial role of integrating secrets directly into code with security in mind. He will discuss the implementation and benefits of secrets scanning tools that check for sensitive information across code bases and git histories. The presentation will delve into the challenges and solutions for reducing false positives, managing secrets in multiple repositories, and creating unique hashes for sensitive files. Additionally, Diogo will share his experiences in integrating these tools into CI/CD pipelines, maintaining dashboards, and developing a security scoring system to effectively triage issues.
Key Takeaway: Learn how to effectively integrate advanced secrets scanning tools into CI/CD pipelines, reducing false positives and managing sensitive data across multiple repositories, with real-world insights from implementing these solutions at scale.
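As an added illustration of the mechanisms the abstract names (pattern rules, placeholder and entropy filtering to cut false positives, a repo-independent fingerprint hash so one leaked value found in many repositories dedupes to a single issue, and a triage score), here is a small Python scanner. It is not the speaker's tooling or any scanner's real rule set; the rules, sample files, threshold and scoring weights are constructed for the example.

```python
import hashlib
import math
import re

# Constructed, illustrative rules: (id, regex with the secret in group 1, base severity 1-10).
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b"), 9),
    ("generic-api-key", re.compile(r'(?i)(?:api|secret)[_-]?key\s*[=:]\s*["\']([A-Za-z0-9_\-]{16,})["\']'), 6),
]
# Known placeholders (here the access key ID from AWS documentation) cut recurring false positives.
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE"}
# Constructed sample files from two repositories; none of these values is a real credential.
SAMPLES = [
    ("svc-a", "config/prod.yaml", 'aws_key: AKIAQ7X2M9RT4KJD8HLP\nsecret_key: "s3cR3tV4lu3_n0tReal_Z9q"\n'),
    ("svc-b", "tests/fixtures.py",
     'API_KEY = "xxxxxxxxxxxxxxxxxxxx"\nkey = "AKIAIOSFODNN7EXAMPLE"\nk = "AKIAQ7X2M9RT4KJD8HLP"\n'),
]

def shannon_entropy(s: str) -> float:
    """Bits per character; dummy values such as 'xxxxxxxxxxxxxxxx' score near 0."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in map(s.count, set(s))) if n else 0.0

def fingerprint(rule_id: str, secret: str) -> str:
    """Stable id for a leaked value, independent of repo and path, so one credential found
    in many repositories collapses to a single issue; only the hash is kept, not the secret."""
    return hashlib.sha256(f"{rule_id}:{secret}".encode()).hexdigest()[:16]

def scan(repo: str, path: str, text: str) -> list:
    """Scan one file; each finding carries a triage score and a fingerprint."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule_id, pattern, severity in RULES:
            for m in pattern.finditer(line):
                secret = m.group(1)
                if secret in ALLOWLIST or shannon_entropy(secret) < 3.0:
                    continue  # placeholder or low-entropy dummy: treated as a false positive
                # Test fixtures still get reviewed, but rank below production config.
                score = max(1, severity - (3 if "test" in path.lower() else 0))
                findings.append({"rule": rule_id, "repo": repo, "path": path, "line": lineno,
                                 "fingerprint": fingerprint(rule_id, secret), "score": score})
    return findings

def dedupe(findings: list) -> dict:
    """Merge findings across repos by fingerprint: highest score wins, affected repos collected."""
    merged = {}
    for f in findings:
        e = merged.setdefault(f["fingerprint"], {"rule": f["rule"], "score": 0, "repos": set()})
        e["score"], e["repos"] = max(e["score"], f["score"]), e["repos"] | {f["repo"]}
    return merged
```

Running `dedupe` over `scan` of both sample files yields two issues: the shared AKIA value at score 9 affecting both repos, and the generic key at score 6, while the `xxxx` dummy and the documentation key are filtered out.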
About the Speaker:
Diogo Lemos is an Application Security Engineer with extensive experience in developing and managing security solutions. His professional journey began at Checkmarx, where he built security products, and subsequently advanced to Flutter Entertainment. At Flutter, Diogo not only implemented these products but also gained the freedom to develop and tailor them to meet specific organizational needs. His expertise includes automating security processes, optimizing scanning programs, and spearheading cloud security initiatives. Diogo is also an active contributor to various open-source security projects and has a solid record of speaking at industry conferences, including talks on SAST and SCA solutions at Flutter and other venues.