A DEV FRIENDLY CLOUD NATIVE SECURITY PIPELINE!

Cloud Security Podcast -  we are continuing with our "Kubernetes Security & KubeCon EU 2023" and for the fiveth episode in this series Eve Ben Ezra from The New York Times. GitOps, OPA Conftest, ArgoCD are some of the components to add security to a Cloud Native Security Pipeline! - Eve Ben Ezra from The New York Times shared how we can use these tools to create a Dev Friendly Security Pipeline. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: ⁠⁠⁠⁠⁠⁠⁠www.cloudsecuritypodcast.tv⁠⁠⁠⁠⁠⁠⁠ FREE CLOUD BOOTCAMPs on ⁠⁠⁠⁠⁠⁠⁠www.cloudsecuritybootcamp.com⁠⁠⁠⁠⁠⁠⁠ Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠) Guest Socials: Eve Ben Ezra (Eve Ben Ezra's Linkedin) Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠@CloudSecureNews⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠Cloud Security News ⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠ Spotify TimeStamp for Interview Questions (00:00) Introduction (03:10) A bit about Eve (04:05) Eve's 2nd Kubecon (04:43) About Eve's talk at Kubecon (05:29) What is GitOps? (06:28) What is Argo CD? (07:19) What is OPA? (07:34) Why NYTimes has a development platform? (09:14) Challenges with implementing a shared infrastructure (11:17) Feedback is one of the challenges (12:19) Using OPA gatekeeper (13:30) When should developers get feedback in GitOps operational framework? (14:52) What does local feedback to developers look like? (15:54) What is Conftest? (16:24) How do people get started with OPA? (18:32) Making security more accessible for developers (23:02) Managed or self hosted Kubernetes deployment (24:09) How to get started with this? (25:08) Starting with OPA vs Starting with CICD (25:35) Where can you start learning about Kubernetes? (28:10) The difference between CI and CD See you at the next episode!