Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless safety with SE Radio host Priyanka Raghavan. They begin by defining pipelines after which contemplate tips on how to add safety. Nir lays out the important thing challenges in getting good code protection with the pipeline-based strategy, after which describes tips on how to implement a pipelineless strategy and the benefits it provides. Priyanka quizzes him on the idea of “zero new hardcoded secrets and techniques,” in addition to some methods to guard GitHub repositories, and Nir shares examples of how a pipelineless strategy may assist in these situations. They then talk about false positives and dealing with developer fatigue in coping with alerts. The present ends with some dialogue across the product that Arnica provides and the way it implements the pipelineless methodology.

Associated Hyperlinks

Earlier SE Radio Episodes

1. 288 – Francois Reynaud on DevSecOps

2. 541 – Jordan Harband and Donald Fischer on Securing the Provide Chain

3. 559 – Ross Anderson on Software program Obsolescence

4. 514 – Vandana Verma on the OWASP Prime-10

5. 475 – Rey Bango on Safe Coding Veracode

6. 498 – James Socol on Steady Integration and Steady Supply

References

1. What’s pipelineless safety? (weblog submit)

2. What’s an sbom, what’s it not, and do you want one (weblog submit)

3. The way to Scale back Code Threat Utilizing Pipelineless Safety

4. Arnica’s Actual-time Code Threat-Scanning Instruments Goal to safe Provide Chain.html

5. What’s CI/CD Safety?

6. https://github.com/arnica-ext/GitGoat

7. Linkedin: valtmanir

Podcast: Play in new window | Obtain

Subscribe: Apple Podcasts |