SE Radio 575: Nir Valtman on Pipelineless Security : Software Engineering Radio


Nir Valtman, co-founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how security is added to them. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer fatigue in dealing with alerts. The show ends with some discussion of the product that Arnica offers and how it implements the pipelineless methodology.

Related Links

Previous SE Radio Episodes

  1. 288 – Francois Reynaud on DevSecOps

  2. 541 – Jordan Harband and Donald Fischer on Securing the Supply Chain

  3. 559 – Ross Anderson on Software Obsolescence

  4. 514 – Vandana Verma on the OWASP Top-10

  5. 475 – Rey Bango on Secure Coding Veracode

  6. 498 – James Socol on Continuous Integration and Continuous Delivery

References

  1. What is pipelineless security? (blog post)

  2. What is an SBOM, what is it not, and do you need one? (blog post)

  3. How to Reduce Code Risk Using Pipelineless Security

  4. Arnica’s Real-time Code Risk-Scanning Tools Aim to Secure Supply Chain

  5. What is CI/CD Security?

  6. https://github.com/arnica-ext/GitGoat

  7. LinkedIn: valtmanir
