Lessons Learned

GitHub DevSecOps Part 12: Our Recommendations and Lessons Learned

13 June 2023·5 mins

DevSecOps GitHub CI/CD DevOps Best Practices Lessons Learned GitHub Actions Vulnerability Management

After eleven sessions building a full DevSecOps pipeline with GitHub — covering Software Composition Analysis, License Compliance, SAST, Container Scanning, Secret Detection, DAST, Pull Requests, Scheduled Pipelines, and Vulnerability Management — Patrick Steger and I close the series with our recommendations. What works on GitHub, where the gaps are, and what we would tell anyone setting out to build the same pipeline.

GitLab DevSecOps Part 12: Our Recommendations and Lessons Learned

16 November 2022·4 mins

DevSecOps GitLab CI/CD DevOps Best Practices Lessons Learned Vulnerability Management Secret Management

After eleven sessions building a full DevSecOps pipeline with GitLab — from Software Composition Analysis to Container Scanning, SAST, Secret Detection, DAST, merge request integration, and scheduled pipelines — Patrick Steger and I close the series with our recommendations. What worked, what tripped us up, and what we would tell anyone setting out to build the same pipeline today.

↑