SE Radio 575: Nir Valtman on Pipelineless Safety : Software program Engineering Radio

Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless safety with SE Radio host Priyanka Raghavan. They begin by defining pipelines after which think about easy methods to add safety. Nir lays out the important thing challenges in getting good code protection with the pipeline-based strategy, after which describes easy methods to implement a pipelineless strategy and the benefits it provides. Priyanka quizzes him on the idea of “zero new hardcoded secrets and techniques,” in addition to some methods to guard GitHub repositories, and Nir shares examples of how a pipelineless strategy might assist in these situations. They then focus on false positives and dealing with developer fatigue in coping with alerts. The present ends with some dialogue across the product that Arnica provides and the way it implements the pipelineless methodology.

Associated Hyperlinks

Earlier SE Radio Episodes

1. 288 – Francois Reynaud on DevSecOps

2. 541 – Jordan Harband and Donald Fischer on Securing the Provide Chain

3. 559 – Ross Anderson on Software program Obsolescence

4. 514 – Vandana Verma on the OWASP Prime-10

5. 475 – Rey Bango on Safe Coding Veracode

6. 498 – James Socol on Steady Integration and Steady Supply

References

1. What’s pipelineless safety? (weblog publish)

2. What’s an sbom, what’s it not, and do you want one (weblog publish)

3. The way to Cut back Code Danger Utilizing Pipelineless Safety

4. Arnica’s Actual-time Code Danger-Scanning Instruments Goal to safe Provide Chain.html

5. What’s CI/CD Safety?

6. https://github.com/arnica-ext/GitGoat

7. Linkedin: valtmanir

Podcast: Play in new window | Obtain

Subscribe: Apple Podcasts |