Bringing People, Process and Technology together!

We are entering the age of the industrialization of software development. The Digital Factory together with Platform Engineering will help industrialize digital product development across teams to efficiently develop products and improve the lives of our staff, time to market, quality, and alignment ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 0:00 Intro 0:25 Preamble 0:37 About Romano 2:40 What are today's challenges? 4:54 What is DevOps? 5:27 Who is DevOps? 6:50 The benefits of the DevOps 7:56 But how do you scale DevOps? 8:12 What does DevOps look like?... 9:03 ...at scale? 9:53 The continuous delivery pipeline 11:00 What the platform vendors promise... 11:22 What the continuous delivery pipeline with a platform looks like 11:54 Modern software development is a continuous processs across the value stream 12:44 The cognitive load is too high 14:19 Can you scale DevOps? 19:47 Digital factory requires a foundation 20:51 Platform engineering enables DevOps in product teams 22:11 Delivering complex products requires a holistic approach 24:07 We are entering the age of industrialization of software development ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Conf42: https://www.conf42.com/ Original Video: https://youtu.be/czBslOClK1E?si=wVv6IlQxwpHqjIbV Read the abstract: https://www.conf42.com/Platform_Engineering_2023_Romano_Roth_the_digital_factory Other sessions at this event: https://www.conf42.com/platform2023 Join Discord: https://discord.gg/DnyHgrC7jC ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

Peter Nijenhuis and I are thrilled to share our latest podcast episode: "𝐇𝐨𝐰 𝐓𝐨 𝐃𝐞𝐚𝐥 𝐖𝐢𝐭𝐡 𝐑𝐞𝐬𝐢𝐬𝐭𝐚𝐧𝐜𝐞?" 🙅 Navigating through 𝐀𝐠𝐢𝐥𝐞 and 𝐃𝐞𝐯𝐎𝐩𝐬 𝐭𝐫𝐚𝐧𝐬𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧𝐬 isn't just about tools and processes; it's about people and their reactions to change. We dive deep into our personal experiences, challenges faced, and strategies we've employed to overcome resistance. Whether you're leading a transformation or just curious about the human side of tech change, this episode is for you! 🔍 Key Questions: 📌Do you need to address resistance differently when it comes to resistance from a manager and resistance from a team member? 📌 Do you need to adjust your communication style and choose wording carefully when you want to address this resistance? 📌 What kind of skillset is required when you want to deal with resistance? 📌 What could be the cause of the resistance that the person is showing? If you've ever faced pushback or resistance in your projects or initiatives, this one's for you. Give it a listen, and let's start a conversation! Drop your thoughts, experiences, or questions below. ⬇️ ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Intro 00:05 Welcome 00:15 Romano Roth 01.07 Peter Nijenhuis 02.02 How to deal with resistance 02:20 Do you need to address resistance differently when it comes to resistance from a manager and resistance from a team member? 07:22 Do you need to adjust your communication style and choose wording carefully when you want to address this resistance? 14:33 What kind of skillset is required when you want to deal with resistance? 22:05 What could be the cause of the resistance that the person is showing? 28:03 Summary 28:38 Win a price 29:46 End ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Peter Nijenhuis https://www.linkedin.com/in/peter-nijenhuis-%E2%9C%93-lion-0b83751/ ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ How to survive Game of Thrones in the workplace: A guide for conflict management https://youtu.be/8f8liIwVakc?si=x6R5ai05fkfZ1D3Z ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #romanoroth

Recording of the Talk "How to architect for continuous delivery" at The DEVOPS Conference - Global 2023 Let's explore the importance of continuous delivery and how you can architect your system for it. By taking a step back and looking at the bigger picture, we can design a system that enables us to deliver code changes frequently and reliably. In this talk, Romano Roth covers the key principles of continuous delivery, the benefits it brings, and how to architect your system for it. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Intro 00:04 How to architect for continous delivery? 00:12 About myself 02:20 Today's challenges 04:45 Where do these challenges come from? 05:35 Project vs Product 06:51 What is DevOps? 07:29 Who is DevOps? 08:36 DevOps 08:51 The sience behind DevOps 09:57 How to measure the software delivery performance? 10:34 The DORA Metrics 12:38 DevOps benefits 2019 13:50 DevOps benefits 2021 14:09 Summary of benefits of DevOps 14:32 What are the challenges when you scale DevOps? 14:44 What does DevOps look at scale? 15:02 DevOps Silo 15:33 How DevOps looks at scale 16:45 The continous deleivery pipeline 17:42 What the platform vendors promise 17:56 What a Continuous Delivery Pipelien with a platform looks like 18:31 Modern Software Development 19:14 The cognitive load is too high 21:04 How to scale Devops and architect for continous delivery? 21:13 The digital factory 21:50 Platform Engineering Scales the Platform 22:48 Platform Engineering Enables DevOps in Product Teams 23:54 Platform Engineering Enables DevOps 24:20 We are entering the age of industralization of Software Development 25:30 Questions 38:38 End ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Original Video: https://youtu.be/y-R5NfrbfWo The DevOps Conference: https://www.thedevopsconference.com/ ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #romanoroth

Which Is Better? GitHub or GitLab? You'll Be Shocked by the Answer! During the last months, Paddi and I have analysed intensively GitHub and GitHub. We have produced a dedicated video series with 12 videos for each platform. A total of 24 videos! In this video, we present a comprehensive overview of our findings and offer our expert recommendations. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:25 Intro 00:30 Overview 02:00 Background 04:01 Feature Comparison 04:09 Number of users 04:18 Deployment options 04:26 Price 05:09 Open/Close Source 05:18 SLA 05:32 Personal Use 06:10 Enterprise Use 07:26 Ease to learn 08:07 Documentation 09:09 On Platform Code edit 09:28 Power of pipeline 12:28 Out-of-box Security tools 13:30 Vulnerability Management 16:53 Secret Management 18:18 Supply Chain Risk 19:15 Custom Tool Integration 20:11 Merge/Pull Request support 25:30 GitLab: Our wishes for improvement. 29:58 GitHub: Our wishes for improvement. 35:39 Summary GitLab and GitHub 39:26 Final thoughts GitLab vs GitHub 40:51 Outro ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code GitHub https://github.com/romanoroth/GitHubDevSecOps Source Code GitLab https://gitlab.com/romano_roth/gitlabdevsecopspipeline Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM GitHub: DevSecOps: Part 8/12: How to use Dynamic Application Security Testing (DAST) https://youtu.be/v_xo1kgNYsE GitHub: DevSecOps: Part 9/12: Vulnerability Management https://youtu.be/p4ldky64jxE GitHub: DevSecOps: Part 10/12: Branch Protection and Pull Requests https://youtu.be/xsLCR7b4u9k GitHub: DevSecOps: Part 11/12: How to do Schedule pipeline in GitHub https://youtu.be/Yy3KAloE5e0 GitHub: DevSecOps: Part 12/12: How to build a DevSecOps pipeline with GitHub: Our Recommendations https://youtu.be/zCxZhVTUpNE GitLab Session 1: What is GitLab 🦊? | The fundamental concepts https://youtu.be/sHK8uN5fBhs Session 2: Introduction to GitLab 🦊 | Creating a simple project https://youtu.be/GQ3x9bkCK90 Session 3: What is Software Composition Analysis (SCA) 🧩 in GitLab? https://youtu.be/l69W5Ym_M5o Session 4: How to ensure License Compliance 📜 in GitLab? https://youtu.be/Kmbj_PCiHyk Session 5: How to do Static Application Security Testing (SAST) 🛡️ in GitLab? https://youtu.be/owwIMUamdDc Session 6: How to do Container Scanning 📦 in GitLab? https://youtu.be/1AUKQ32K6D4 Session 7: What is Secret Detection 🤫? https://youtu.be/Qs28ONnj00s Session 8: Dynamic Application Security Testing (DAST) https://youtu.be/Jy1OiuPZrKs Session 9: What is Vulnerability Management 📝? https://youtu.be/XSrlVyv0H1c Session 10: How to do a Merge Request in GitLab https://youtu.be/h4AN7S2gwug Session 11: How to do a Schedule Pipeline in GitLab? https://youtu.be/PqPW3zQeP94 Session 12: Our Recommendations https://youtu.be/dphgw9xxjuw ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

How to build a DevSecOps pipeline with GitHub: Our Recommendations Session 12: In this video, Padi and I will present you our recommendations for setting up a DevSecOps Pipeline with GitHub. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:15 Intro 00:21 Recommendations an summary 00:34 DevSecOps with GitHub 01:40 Our Recommendations 01:50 Create top level workflows and re-use workflows 02:41 Define on what branches to run pipelines. 02:56 Use scheduled pipelines 03:51 Use Pull Request 04:14 Protect your branch 05:06 Review the tools you source from the marketplace 05:52 Store your secrets in a secret management 06:36 Evaluate the Security tool 07:01 DAST: Customise the scanner configuration 07:26 Considering including a Secure Expert 07:32 Use a external Vulnarability Management 09:00 Summary 09:43 Outro ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code https://github.com/romanoroth/GitHubDevSecOps Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM GitHub: DevSecOps: Part 8/12: How to use Dynamic Application Security Testing (DAST) https://youtu.be/v_xo1kgNYsE GitHub: DevSecOps: Part 9/12: Vulnerability Management https://youtu.be/p4ldky64jxE GitHub: DevSecOps: Part 10/12: Branch Protection and Pull Requests https://youtu.be/xsLCR7b4u9k GitHub: DevSecOps: Part 11/12: How to do Schedule pipeline in GitHub https://youtu.be/Yy3KAloE5e0 ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

How to do a Schedule Pipeline in GitLab 📅? Session 11: In this video, Padi and I will show you how to configure a Schedule Pipeline for our DevSecOps pipeline in GitHub so that the pipeline run at regular intervals. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:53 Intro 00:59 Scheduled Pipeline 01:07 DevSecOps with GitHub 01:49 Why do we need Schedule Pipeline? 03:20 Schedule Pipeline for Production 04:01 Schedule Pipeline Configuration 05:20 Demo 07:57 Scheduled Pipeline run 08:31 Summary 09:21 Outro ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code https://github.com/romanoroth/GitHubDevSecOps Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM GitHub: DevSecOps: Part 8/12: How to use Dynamic Application Security Testing (DAST) https://youtu.be/v_xo1kgNYsE GitHub: DevSecOps: Part 9/12: Vulnerability Management https://youtu.be/p4ldky64jxE GitHub: DevSecOps: Part 10/12: Branch Protection and Pull Requests https://youtu.be/Xf22eBxxgZ0 ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

What is Branch Protection and Pull Requests? Session 10: In this video, Padi and I will show you how to do a Pull Request (PR) to check the source code changes into a branch by using a DevSecOps pipeline build with GitHub. Pull requests are a huge part of a team's development process. It's the main gatekeeper preventing developers from throwing whatever they want into the default branch. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:18 Intro 00:24 Branch Protection 00:33 DevSecOps with GitHub 02:02 What is a Branch? (Overview) 05:32 What is Branch Protection? 06:22 How to enable Branch Protection? 06:48 Best Practices - Pull Request 08:11 Demo: Reducing Security findings 10:53 Creating Pull Request 13:45 Configuring Branch Protection Rules 20:11 Pull Request with Branch Protection 24:17 Summary 24:53 Outro ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code https://github.com/romanoroth/GitHubDevSecOps Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM GitHub: DevSecOps: Part 8/12: How to use Dynamic Application Security Testing (DAST) https://youtu.be/v_xo1kgNYsE GitHub: DevSecOps: Part 9/12: Vulnerability Management https://youtu.be/p4ldky64jxE ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

How to do Vulnerability Management in GitHub? Session 9: In this video, Padi and I will show you how to manage and track the vulnerabilities with the GitHub Vulnerability Management (Security Tab). Vulnerability Management is the recurring process of identifying, classifying, prioritizing, mitigating, and remediating vulnerabilities ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:14 Intro 00:20 How to deal with all these vulnerabilities? 00:40 DevSecOps with GitHub 01:10 Vulnerability Management in GitHub (Security Tab) 02:02 Vulnerability Management Capabilities in GitHub 04:03 Vulnerability Management Limitations in GitHub 06:41 Security Tab 06:58 Secret Scanning 08:26 Coding Scanning 09:22 Dismiss alert 10:48 Create issue 12:12 Fixing the vulnerability 13:21 CI/CD Pipeline reports 13:44 Automatically resolved vulnerability 14:46 Summary 15:45 Outro ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code https://github.com/romanoroth/GitHubDevSecOps Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM GitHub: DevSecOps: Part 8/12: How to use Dynamic Application Security Testing (DAST) https://youtu.be/v_xo1kgNYsE ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

🤩 The Zühlke 𝐃𝐞𝐯𝐎𝐩𝐬 𝐂𝐚𝐦𝐩 2023 was a blast! Curious about the Zühlke 𝐃𝐞𝐯𝐎𝐩𝐬 𝐂𝐚𝐦𝐩 2023? Experience the excitement firsthand in our video! Witness the remarkable journey of 7 teams, each comprising 7 talented individuals, as they transform their ideas into reality within just 4 days. Together, they built their own 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐅𝐚𝐜𝐭𝐨𝐫𝐲 utilizing the cutting-edge Zühlke Group 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦 𝐏𝐥𝐚𝐧𝐞 which is build upon best-of-breed tools such as Kubernetes, GitLab, Argo CD, Grafana, Loki, Tempo, Trivy, Kyverno, HashiCorp Vault, and more, these teams use the full potential of 𝐃𝐞𝐯𝐎𝐩𝐬 to create a seamless and efficient 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐅𝐚𝐜𝐭𝐨𝐫𝐲. Join us on this amazing visual adventure that showcases the convergence of development, quality assurance, operations, and security. The teams were able to complete 25 of the 33 challenges: ✅Agile Chartering ✅Setup the DevSecOps platform ✅Backlog ✅Documentation ✅Define the DevSecOps Pipeline ✅Architecture Decision Log ✅Build ✅Define how to ensure quality ✅Unit Test ✅Branching ✅Versioning ✅Software Composition Analysis ✅Integration Test ✅License Compliance ✅Static Application Security Testing ✅System Test ✅Containerization ✅Container Scanning ✅Document the architecture ✅Secret management ✅Feature toggles ✅Environment management ✅Continous Deployment 📌System Integration Test 📌Dynamic Application Security Testing 📌Vulnerability Management 📌Scheduled pipeline ✅End-To-End Testing 📌NFR Testing 📌Monitoring ✅Traceability of requirement 📌Measure 📌Service Level Agreements 😎 I am amazed and incredibly proud of the teams. Your performance was absolutely outstanding! Thank you very much for this amazing experience. 🤗I can't wait to do this workshop with another team and other platforms/tools. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Intro 00:15 Regina Dietiker 00:36 Groups 00:44 Romano Roth 01:00 Challenges 01:25 The view 01:32 Playing together 01:50 Do work that metters 01:55 Group Picture ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Zühlke DevOps: https://www.zuehlke.com/en/careers/devops Zühlke DevOps Offering: https://www.zuehlke.com/en/expertise/devops Regina Dietiker: https://www.linkedin.com/in/regina-dietiker ▬▬▬▬▬▬ S O U N D 🔊▬▬▬▬▬▬ The Power of Awakening by Rage Sound https://tunetank.com/track/3963-the-power-of-awakening/ ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

What is Dynamic Application Security Testing (DAST) ? Session 8: In this video, Padi and I will show you how to find vulnerabilities in your running application using Dynamic Application Security Testing (DAST) in GitHub. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:15 Intro 00:29 DevSecOps with GitHub 01:54 What is Dynamic Application Security Testing (DAST) 02:38 How to do DAST with GitHub? 03:24 How to implement DAST with GitHub? 06:03 Implementation of DAST in the GitHub 06:40 Add new workflow dast.yaml 11:47 Add reference to dast.yaml in main-pipeline.yaml 13:08 Pipeline run 13:13 DAST Job run 14:33 DAST report 14:46 ZAP scanning report 16:31 Automatically creat a issue from the DAST Job run 17:39 The created DAST issue 18:33 Summary 19:57 Outro ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code https://github.com/romanoroth/GitHubDevSecOps Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ OWASP ZAP Full Scan https://github.com/marketplace/actions/owasp-zap-full-scan ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth

Talk at The DEVOPS Conference - Global 2023: HOW TO ARCHITECT FOR CONTINUOUS DELIVERY? Let's explore the importance of continuous delivery and how you can architect your system for it. By taking a step back and looking at the bigger picture, we can design a system that enables us to deliver code changes frequently and reliably. In this talk, Romano Roth covers the key principles of continuous delivery, the benefits it brings, and how to architect your system for it. #DevOps #ContinuousDelivery #CI/CD #TheDEVOPSConference --- Speaker: In the 20 years where he worked as a software developer, software architect, and consultant for Zühlke, he was able to build up a comprehensive knowledge of software development, architecture, and processes. He has worked with a variety of platforms and technologies, consulting in the sectors of financial, insurance, cyber security, electricity, medical, and aviation. His passion is helping companies bring people, processes, and technology together so that they can deliver continuously value to their customers. In his free time, Romano is organizing the DevOps Meetups Zürich where the DevOps community of Zürich meets together on a monthly basis. He also organizes the DevOps Days Zürich which is a yearly two-day conference. ---- 👇Learn more: https://hubs.li/Q01HY4ll0 https://hubs.li/Q01HY1940 ---- Timestamps: 00:00 Intro 02:25 Todays challenges 08:50 Science behind DevOps 10:40 The dora metrics 14:40 How DvOps looks like at scale 19:23 When the cognitive load is too high? 21:40 Platform engineering scales the platform 24:20 We are entering in the age of industrialization

What is Secret Scanning 🤫? Part 7/12: In this video, Padi and I will show you how to find secrets in your own code or configuration files with GitHub. ▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬ 00:00 Welcome 00:28 Intro 00:34 DevSecOps with GitHub 01:26 About Secret Scanning 03:13 Secrets in the source code? 04:15 How to enable Secret Scanning 04:56 How to review Secret Scanning findings 05:53 Supported secrets for advanced security 07:12 Enable Secret Scanning in GitHub 07:23 Enable Push Protection 07:33 Define custom pattern 08:57 Add secrets to the code 09:59 Publish rule 10:22 Secret scanning results 10:27 Why did it not find the other secrets? 11:26 Add Azure Secret 11:59 Why is push protection not working? 12:43 Secret scanning results 13:06 Summary ▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬ Source Code https://github.com/romanoroth/GitHubDevSecOps Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops GitHub https://github.com/ Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/ Secret Scanning in GitHub https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning ▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬ GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM ▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬ ╔═╦╗╔╦╗╔═╦═╦╦╦╦╗╔═╗ ║╚╣║║║╚╣╚╣╔╣╔╣║╚╣═╣ ╠╗║╚╝║║╠╗║╚╣║║║║║═╣ ╚═╩══╩═╩═╩═╩╝╚╩═╩═╝ https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1 ▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬ LINKEDIN ► https://www.linkedin.com/in/romanoroth/ TWITTER ► https://twitter.com/RomanoRoth INSTAGRAM ► https://www.instagram.com/romanoroth/ FACEBOOK ►https://www.facebook.com/romanoroth/ MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/ CONFERNCE ►https://www.devopsdays.ch/ HOMEPAGE ► https://www.romanoroth.com/ ▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬ Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P #devsecops #devops #github #romanoroth