Loading…
This event has ended. Visit the official site or create your own event on Sched.
Sessions will be available during their listed time, and then on demand on the platform after the initial 24 hours of straight content!

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for GitLab Commit: Virtual 2020 to participate in the sessions. If you have not registered but would like to join us, please register and attend here.  Space in sessions is unlimited so advance sign-up is not necessary, it is just a convenience offered to guests.

To save a schedule you need to be logged in Sched, but this is not tied to your event registration. You do not need to be logged in to view the schedule.

Reminder: Sched is not the event platform, it is the schedule

Please note: This schedule is automatically displayed in Pacific Time (PT). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above “Filter by Date.”

Back To Schedule
Wednesday, August 26 • 20:14 - 20:39
How to Build a Compromise-Resilient CI/CD

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
CI/CD is critical to any DevOps operation today, but when attackers compromise it, they get to distribute malicious software to millions of unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry’s first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto to secure your own pipeline.

Speakers
avatar for Trishank Karthik Kuppusamy

Trishank Karthik Kuppusamy

Staff Security Engineer, Datadog
Trishank Karthik Kuppusamy is a Staff Security Engineer at Datadog. His R&D work on securing software updates and supply chains is being used in applications ranging from automobiles to cloud computing (e.g., Datadog Agent, CNAB Security, Docker Content Trust) to operating systems... Read More →



Wednesday August 26, 2020 20:14 - 20:39 PDT
Magenta Stage