Discover how IBM is rethinking the coding lifecycle and DevOps, with tools and approaches designed to streamline workflows, accelerate delivery, and enhance developer productivity.

30-minute talk on the evolving threat landscape around Helm charts in public repositories. We’ll discuss real-world incidents such as the Codecov supply chain attack and hypothetical attack vectors like 'ChartSploit', highlighting how seemingly benign configurations can be exploited. Topics include anatomy of vulnerable charts, risk areas (RBAC misconfigurations, dependency vulnerabilities), and actionable strategies to secure Kubernetes environments—auditing deployments, verifying chart integrity, enforcing strict access controls, and adopting DevSecOps practices.

Join Jeffery Payne and Thomas Stiehm from Coveros as they discuss the business need for a comprehensive DevSecOps program and how GitHub GHAS and Copilot can be used end-to-end in your SDLC to accelerate the delivery of secure and reliable applications. Learn how GHAS and Copilot support more than vulnerability identification and remediation, why code scanning is necessary but insufficient for finding vulnerabilities, using Copilot to support early lifecycle risk management activities, and automating governance processes within the GitHub platform.

Join Jeffery Payne and Thomas Stiehm from Coveros as they discuss the business need for a comprehensive DevSecOps program and how GitHub GHAS and Copilot can be used end-to-end in your SDLC to accelerate the delivery of secure and reliable applications. What You’ll Learn: • How GHAS and Copilot support much more than vulnerability identification and remediation. • Understand why code scanning is necessary but insufficient for finding vulnerabilities. • Using Copilot to support early lifecycle risk management activities • How to effectively automate your governance processes within the GitHub platform. Take home valuable information on structuring and running a DevSecOps program using GitHub GHAS and Copilot.

Join Elli in an exploration of DevSecOps excellence with Microsoft's integrated solution, uniting Azure DevOps and GitHub. Delve into the seamless integration that propels your security practices, emphasizing a "Shift Security Left" approach. Learn how to increase developer velocity while embedding robust security measures throughout your code lifecycle. Uncover the comprehensive suite of tools, effortlessly migrate repositories, and fortify your DevOps journey with Microsoft's unified solution.