What we're about

Welcome to Full-stack Developers Israel by Tikal. In this meetup group, we host meetups about the latest trends and technologies on the Tech Radar - https://www.tikalk.com/radar
Have an idea for a talk? We'd love to hear about it - Submit your CFP!

You can always find recordings of our talks and workshops on our channel: https://www.youtube.com/c/FullStackDevelopersIsrael

Follow us on Facebook, LinkedIn, and Medium:
https://www.facebook.com/groups/fullstack.developers.israel/
https://www.linkedin.com/groups/2447570/
https://medium.com/everything-full-stack

Buy your Tickets for the Tech event of 2022- TechRadarCon22 14/11/2022

We are always looking for excellent people to join us. Check out our job openings -  https://www.tikalk.com/career

Upcoming events (1)

From YAML to cluster: Securing CICD pipelines

Needs a location

When: Wednesday, November 30, 2022 @ 6pm
Where: Intel Ignite, Menachem Begin 132, Triangle Tower, Azrieli , Tel Aviv
🛑 Please confirm your registration here (RSVP is not enough!) >>tkl.to/Meetup_Nov

DevOps and modern engineering have enabled us to provide higher quality code at greater speeds by introducing guardrails and checks into our automated continuous integration (CI) and continuous deployment (CD) processes. However, with security becoming a more pressing matter as more critical zero-day threats arise and misconfigurations are introduced to production systems, while at the same time as application and development processes all moving to more automated CI/CD processes––this is becoming a critical point for enforcing security validations and checks.
In this meetup we will discuss industry frameworks and best practices for applying security gates in your CI, and later CD. We will provide a practical guide and a live demo for doing so in cloud native environments, and particularly Kubernetes environments.

On the Agenda

18:00-18:30 Socializing, mingling, and of course delicious snacks 🍕🍺

18:30-19:15 Building a {Secure} by-design pipeline with an {open- source} stack //Rotem Refael, Director of Engineering, ARMO

CI/CD has become the core of all engineering organizations, particularly as engineering velocity increases, the number of services that are managed, deployed & updated constantly & the diversity of 3rd-party applications our pipelines integrate with. That is why ensuring the security of our CI/CD pipeline is no longer “nice to have”, but a critical piece when delivering our software to production.
In this talk we’d like to walk you through the process of building an end-to-end secure pipeline, and the gotchas to look out for when it comes to pipeline security - from misconfigurations in IaC & YAML, to overly permissive CPU limits, and even insecure tagging between dev & prod.

We’ll take a deep dive on how we secure our code & configuration, the pipeline itself & its integrations (SBOM), our K8s deployments, and ensure that we have continuous visibility with the right monitoring controls in place. All this will be demoed as code with a tried & true open source stack––from VSCode to Helm for the code & config, to Jenkins & CircleCI for the pipelines, best practices for deployment security, and how to bake in good observability with Prometheus & Lens. We’ll wrap up with some recommended extensions to help secure our pipelines by design, without changing our deployment structure.

Few words about Rotem:
Rotem is Director of Engineering at ARMO, where she contributes to the Kubescape open source project, as well as other open source projects, as a staunch and passionate supporter of making open source security better and more accessible for everyone. Rotem is an engineering veteran, with experience as a software developer, architect, product manager, with a focus on the security discipline. She has many years of experience in all aspects of Kubernetes engineering from deployment across various environments, through monitoring––with specific expertise in working with Prometheus and its open source suite––as well as bringing deep know-how in all aspects of IaC, driving best practices and methods wherever she goes.

19:15-20:00 Kube Security Shifting left // Haggai Philip Zagury, DevOps Architect, Group & Tech Lead at Tikal

As kubernetes matures into the standard de facto Operating System of the Cloud, in addition to a shift in deployment methods such as GitOps and Continuous delivery paradigms - automation of security is one of our main concerns

The security policy alignment starts from the CI/CD pipelines, and continues to runtime security solutions.
In this talk, we will introduce a few solutions built around kubernetes from the early stages of the CI/CD pipelines through runtime application security models which we are seeing from many companies on the security vertical.

  • Scanning tools [ static ]
  • Runtime [ pro-active, permissive ]

Few words about Haggai:
Haggai is a DevOps Architect, Group & TechLead at Tikal, for the past 15 years Haggai’s has provided solutions in the domains of Ci/CD, Configuration Management and Security.
And in the past ~4 years specialized in Kubernetes based deployment schemes.

🛑 Please confirm your registration here (RSVP is not enough!) >>tkl.to/Meetup_Nov

2

Past events (237)

The DevOps Architect Journey: From Perl to GoLang

This event has passed

Photos (1,831)