Join a Meeting or an Event
On May 19th, the Ortelius community celebrated individuals who have been awarded recognition badges, and shared knowledge on supply chain, microservices, and the need for a centralized catalog.
Wednesday, June 21st 10AM PT / 1PM ET
Testing applications running on Kubernetes is difficult! You may have noticed some of the shortcomings if you’re running integration or end-to-end tests in your DevOps pipeline. For example, authenticating CI to access your cluster leaves potential security holes, challenges storing your test artifacts, and added complexities slowing down the testing process. You may even store your testing tools’ screenshots and recordings for future access. Eventually, the added toil causes your team to deprioritize running tests. Whether you are a developer, tester, or DevOps practitioner, you should leverage the power of Cloud Native Testing to take a new approach to testing your Kubernetes Applications. In this presentation, Abdallah will help you become the person who is doing and enabling others to execute tests in a complex Kubernetes environment painlessly. Join us!
Thursday, June 22st 8AM PT / 11PM ET
The first step in protecting your software supply chain should include adding security actions to your CI/CD pipeline, from scanning your repos to locking down your builds. The pipeline should be evolved to include available open-source tools that can shift your DevOps pipeline to a DevSecOps pipeline. In this CDF workshop, Steve Taylor will cover 5 phases of the DevOps process that must be reinforced to improve your supply chain security. In this workshop, you will learn about new open-source security tooling that you can immediately add to your pipeline to implement good security practices.
You will learn the following:
What phases of the pipeline need security actions. How to implement the OpenSSF Security Scorecard. Where signing and SBOM generation should be added. How to understand SLSA and how the Pyrsia decentralized package network can help you achieve SLSA compliance. How to use Ortelius as an evidence store to consolidate security logs and build an organizational-level security profile. How CDEvents will simplify adding new tooling to your pipeline to maintain a secure software supply chain. Securing your organization from cyber hacks is not just the job of production teams. It is time for development teams to play their part. Building security into your CD Pipelines is the first step. This workshop will help you get there.
Join a SIG or attend our General meetings. We look forward to your help and input on the Ortelius project: