Mar 29
Loading video player...
We are breaking down the "Complete Deep-Dive Guide" by DevOps Shack to show you how to shift security left—moving automated security checks earlier in your development process. If you want to stop treating security as a bottleneck and start treating it as a continuous, automated process, this video is for you.We cover a wide range of topics including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Secrets Management, Runtime Security, and Infrastructure as Code (IaC) Security. 0:00 - Introduction to DevSecOps & Shifting Left 1:30 - Snyk (Dependency Security) 3:00 - SonarQube (Static Code Analysis) 4:30 - Trivy (Container & IaC Scanner) 6:00 - OWASP ZAP (Dynamic App Security Testing) 7:30 - HashiCorp Vault (Secrets Management) 9:00 - Falco (Runtime Security) 10:30 - Checkov (IaC Security Scanning) 11:45 - Sentinel (Policy as Code) 13:00 - OWASP Dependency-Check (Dependency Auditing) 14:15 - Aqua Security (Cloud-Native Security) 15:30 - Building the Ultimate CI/CD Pipeline