SE Radio 575: Nir Valtman on Pipelineless Safety : Software program Engineering Radio

Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless safety with SE Radio host Priyanka Raghavan. They begin by defining pipelines after which take into account add safety. Nir lays out the important thing challenges in getting good code protection with the pipeline-based method, after which describes implement a pipelineless method and the benefits it affords. Priyanka quizzes him on the idea of “zero new hardcoded secrets and techniques,” in addition to some methods to guard GitHub repositories, and Nir shares examples of how a pipelineless method might assist in these eventualities. They then talk about false positives and dealing with developer fatigue in coping with alerts. The present ends with some dialogue across the product that Arnica affords and the way it implements the pipelineless methodology.

Associated Hyperlinks

Earlier SE Radio Episodes

1. 288 – Francois Reynaud on DevSecOps

2. 541 – Jordan Harband and Donald Fischer on Securing the Provide Chain

3. 559 – Ross Anderson on Software program Obsolescence

4. 514 – Vandana Verma on the OWASP Prime-10

5. 475 – Rey Bango on Safe Coding Veracode

6. 498 – James Socol on Steady Integration and Steady Supply

References

1. What’s pipelineless safety? (weblog submit)

2. What’s an sbom, what’s it not, and do you want one (weblog submit)

3. The best way to Scale back Code Threat Utilizing Pipelineless Safety

4. Arnica’s Actual-time Code Threat-Scanning Instruments Purpose to safe Provide Chain.html

5. What’s CI/CD Safety?

6. https://github.com/arnica-ext/GitGoat

7. Linkedin: valtmanir

Podcast: Play in new window | Obtain

Subscribe: Apple Podcasts |