A Developer Advocate at Bitrise with more than 12 years of experience in development and testing roles across industries including agriculture, telecom, healthcare, fashion, and food delivery.
DevSecOps: Injecting Security into Android CI/CD Pipelines
15:20 > 40 min
Development, testing, and deployment aren't the only aspects of Mobile DevOps. Security must also be integrated into the entire lifecycle of mobile app releases in order to fully exploit the agility and responsiveness of the Mobile DevOps approach. As a result of today's collaborative Mobile DevOps approach, security becomes a shared responsibility integrated from the start of the process. We call this principle "DevSecOps" to highlight that all DevOps initiatives must be founded on a solid security foundation. Mobile DevOps integrates security as a shared responsibility throughout the entire development lifecycle with DevSecOps culture, automation, and platform design.

To ensure that we do not have any security vulnerabilities before releasing mobile apps to our customers, I will be discussing Mobile DevOps in this presentation and how we can integrate automated security checks for our mobile apps into Android CI/CD pipelines.

In this talk, I will cover:

- Shift-left testing in mobile apps
- DevOps vs. DevSecOps
- Choosing suitable security testing methods
- Mobile App Security Checklist
- OWASP Mobile Application Security Verification Standards
- Adding automated security tests to the pipeline

I gave this talk before with Android Worldwide, but at Droidcon I will add more demos using a different set of tools for static and dynamic security testing.