Fight Back Against Cyber Risk in the Software Supply Chain with a Secure and Compliant DevSecOps Pipeline for Regulated Environments
May 01, 2023
32 min
Free
devsecops
supply-chain-security
cyber-risk
regulated-environments
ci-cd
continuous-compliance
tekton
terraform
sonarqube
owasp-zap
cyclonedx
gitops
Description
This session addresses the critical challenges of cyber risk in the software supply chain, particularly for regulated environments like financial services. The speakers share their experience in building secure and compliant DevSecOps pipelines using open-source tools. They cover best practices for a secure software supply chain, including automation with 'Everything as Code,' early mitigation of security risks, standardization, and evidence gathering for audits. A specific solution based on the BIAN architectural framework is presented, showcasing Continuous Integration, Continuous Deployment, and Continuous Compliance in a real-world scenario with tools like Tekton, Terraform, and SonarQube.