Loading…
This event has ended. Visit the official site or create your own event on Sched.
Sessions will be available during their listed time, and then on demand on the platform after the initial 24 hours of straight content!

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for GitLab Commit: Virtual 2020 to participate in the sessions. If you have not registered but would like to join us, please register and attend here.  Space in sessions is unlimited so advance sign-up is not necessary, it is just a convenience offered to guests.

To save a schedule you need to be logged in Sched, but this is not tied to your event registration. You do not need to be logged in to view the schedule.

Reminder: Sched is not the event platform, it is the schedule

Please note: This schedule is automatically displayed in Pacific Time (PT). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above “Filter by Date.”

Back To Schedule
Wednesday, August 26 • 20:14 - 20:39
How to Build a Compromise-Resilient CI/CD

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
CI/CD is critical to any DevOps operation today, but when attackers compromise it, they get to distribute malicious software to millions of unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry’s first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto to secure your own pipeline.
Speakers
avatar for Trishank Karthik Kuppusamy

Trishank Karthik Kuppusamy

Staff Security Engineer, Datadog
Trishank Karthik Kuppusamy is currently Staff Security Engineer at Datadog. He helped to develop TUF, Uptane (a variant of TUF for ground vehicles), and in-toto (a sister project for securing software supply chains).

GitLab Commit 2020 How to build compromise resilient CI CD – Trishank Kuppusamy pdf
Wednesday August 26, 2020 20:14 - 20:39 PDT
Magenta Stage
  Compliance

Attendees (121)