The presentation discusses the OnSiteCode platform and its capabilities in assisting with anomaly detection and adhering to security frameworks in software development pipelines.
- OnSiteCode connects to various tools in the software supply chain to analyze changes in real-time and provide notification of intrusive events
- The platform is policy-based and covers different layers of security, including access, insecure configurations, sequence detection, leak detection, infrastructure as code, and cloud security scanning
- Access-related configurations and privileged access are analyzed to ensure adherence to security standards
- The platform can detect anomalies and behaviors such as commits outside of normal working hours, peer reviews from non-developer accounts, and changes in work patterns for employees leaving the company
- The platform can assist with mitigating the risk of intellectual property theft
- Additional tooling is recommended for organizations with complicated release cycles to conform to NIST guidelines