Episode 40: Shifting security left

Off Script - A podcast by Hey! Presents

Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script!

In this episode:

00:00 Fictional Bugs - Investments Unlimited
01:00 DevSecOps
02:00 Moving security testing to the beginning
03:00 Reducing the friction of releases
04:00 Go through pain points early
05:00 Strict linting, function length, no unused variables
06:00 Early automated tests to prevent Git leaks
08:00 Making it easy for the developer
10:00 Bearer
11:00 Concise reporting
12:00 Dependabot
13:00 Secret Management
14:00 Making it easy to do the right thing
16:00 Having pride in your security
17:00 What if your language doesn’t have much security support?
19:00 Dynamic & Static languages
20:00 Language agnostic tools
21:00 Key takeaways

References:

https://itrevolution.com/product/investments-unlimited/
https://www.bearer.com/
https://github.com/dependabot

Find out more about Stac and Parallax:

https://stac.works
https://parall.ax