Global AppSec Dublin 2023

When it comes to repo protection and security - we often have the tradeoff between two extremes, general rules that cause a lot of friction and result in reduced velocity or GitOps policy tools that provide little coverage for the code itself.In the context of the age-old mono vs. multi-repo debate, it is actually much harder to secure the mono repo (due to its size and complexity) - and all too often developers will choose velocity over security. A good way to maintain good security hygiene for large mono-repos is by adopting the hierarchal repo model, that enables the enforcement of policy and access control for specific code folders - meaning DevOps can be sure no one has overly privileged access to IaC, and developers will have the ability to ensure greater quality and security than just some simple git checks.In this talk we'll demo with a working code example how to build custom policies and rules using a combination of static analysis tools and Open Policy Agent (OPA), git actions and native git tools to enforce security policies on the code itself without compromising developer velocity.

Dates

Author

Conferences

Tags

Empowering the Guardians of Your Code Kingdom

tldr - powered by Generative AI