The talk discusses the importance of maintaining good security hygiene for large mono-repos by adopting the hierarchical repo model and using a combination of static analysis tools and Open Policy Agent (OPA) to enforce security policies on the code itself without compromising developer velocity.
- Comparison of OSP top 10 lists from 2003 and 2023 to show how applications have shifted over the years
- The most effective way to avoid insecure application is to not deploy
- The need for a permission model and policy engines to streamline access control and decision-making
- Open Policy Agent (OPA) as a popular policy engine that can be configured using the Rigo language
- The importance of writing queries to understand the permission we want to give for every deployment process
- Illustration of a simple deployment process using OPA and queries