Open Source Summit Europe 2024

The distributed development effort across individual teams to build secure software in a constantly evolving security threat landscape results in massive duplication of CI/CD automation work and inconsistent security and compliance postures across teams. The solution is to standardize the CI/CD security & compliance automation for development teams and centralize platform operations and maintenance. Our centralized CI/CD platform prevents software security problems from reaching production systems and streamlines compliance audits using built-in DevSecOps practices. Tekton is used as the open source orchestrator to standardize CI/CD and contribute open source enhancements through our valued ecosystem partnerships to benefit all users. The platform includes open source scanning tools such as Clair for OSS threat intelligence, SonarQube for SAST, and OWASP ZAP for DAST. The platform also extends the traditional CI and CD pipelines with a Continuous Compliance (CC) pipeline which ensures that deployed applications are scanned for new vulnerabilities on a daily basis with unique capabilities to auto remediate identified vulnerabilities and auto close resolved incident issues.