This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2022-05-12
Channels
- # ask-the-speaker-track-1 (136)
- # ask-the-speaker-track-2 (192)
- # ask-the-speaker-track-3 (82)
- # ask-the-speaker-track-4 (89)
- # bof-arch-engineering-ops (1)
- # bof-leadership-culture-learning (2)
- # bof-sec-audit-compliance-grc (3)
- # demos (1)
- # discussion-main (675)
- # discussion-more (9)
- # games (4)
- # games-self-tracker (1)
- # gather (1)
- # help (4)
- # hiring (5)
- # networking (2)
- # summit-info (41)
- # xpo-bmc-ami-devops (1)
- # xpo-cloudbees (4)
- # xpo-github-for-enterprises (1)
- # xpo-gitlab-the-one-devops-platform (7)
- # xpo-itrevolution (3)
- # xpo-launchdarkly (3)
- # xpo-lightstep-observability-incidentresponse (1)
- # xpo-linearb-automate-dev-team-improvement (4)
- # xpo-planview-tasktop (2)
- # xpo-snyk (3)
- # xpo-sonatype (1)
- # xpo-split (1)
- # xpo-synopsys-sig (3)
- # xpo-tricentis-continuous-testing (1)
Reminder: Get yourself in front of your browser and into #ask-the-speaker-plenary for the opening remarks. Weโre kicking off the final day of the DevOps Enterprise Summit in 15 minutes at 10am BST! https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png
Reminder: Remember all those talks you attended the first two days of the Summit? Please submit your feedback for those! Itโs so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://members.itrevolution.com/live/schedule https://devopsenterprise.slack.com/files/UATE4LJ94/F03E48CJRF1/image.png
Reminder: The final day is starting now โ opening remarks and then plenary talks! Join the conversation in #ask-the-speaker-plenary.
Hello DOES and lets connect for good! "You might have read The Phoenix Project, or have come across "sooner, safer, happier", a small insight on what it has been like forging new ways of workingโฆ There is rarely a good time for transformation, however, evolving with an agile mindset and using DevOps principles are certainly key for the future of the business. Discovering the joy of "aha!" moments and re-igniting the passion for development have been a wonderful part of the journey. This talk walks through the experience as a "newbie" on the transformation journey and key aspects that stood out! Have you found your Eric? Let me share my experience with you, join my https://doeseurope2022.sched.com/event/11fus "We connect for good" today at 12.50 BST!"
hope you enjoy the talk! feel free to ask any questions (naturally!) hecklers will be escorted out of the building chuckle
Reminder: The breakout sessions are starting in 5 minutes. Get in front of your browser and start navigating your way to whichever session youโre attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png
๐:skin-tone-2:A warm welcome to @james.moverley for our next session's Q&A. Thank you Gitlab! ๐
Canโt believe you just worked in a more cowbell reference :rolling_on_the_floor_laughing:
specially when an enterprise architect confessed they had spend days trying to find out what "cowbell" technology is
background: our squad was really "playful" and we had amazing fun and laughs (+ lots of "in" jokes)
@jonathansmart1โs C.R.A.P. lightning talk https://videos.itrevolution.com/watch/504289269/
Be interested to see if anyone on here are building pipeline delivery mechanisms of OTHER vendor software
thanks alex ๐ means alot! : actually i realised that its been a while since i've made some presentations like this.. so was good to get back into it! #therewasanattempt
@james.moverley you are natural born speaker! Very knowledgeable, interactive and charismatic! Thank you, I really enjoyed the session!
Nice session @james.moverley - I remember the last time we spoke how excited you were about this capability - so it's great to see you tell your story ๐
thanks for having me folks, a very bare bones run down of OUR journey ๐
๐กWelcome to the GitHub team @colinbeales and @rerwinx for answering your questions today about their session, How to Secure Your End-to-end Supply Chain Thank you GitHub! ๐ก
I think that is actually low. That reflects public repos and reporting.
NIST SP 800-160 vol 1-3 will explain all the different qualities to authenticators.
NIST SP 800-63B speaks to MFA guidelines as well. https://pages.nist.gov/800-63-3/sp800-63b.html#sec4
From a security perspective key if it is more available (A) then need to add more effort to confidentiality (C) and Integrity (I).
Iโm so afraid of keys from Twitter, Slack, GCP, MySQL in my GitHub repos โ are you saying those will be automatically detected? That would be amazing!
@colinbeales @rerwinx It was so exciting to hear how GitHub scans for secrets in reposโ is this something I need to specifically enable?
Yep (https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning) and even better, the new https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/protecting-pushes-with-secret-scanning
That would be amazing โ is it enabled now already, or in future? (Iโve always had anxiety about this, and would love to get some more assurance that my repos are secret-free. Well, you know, within in reason! Thank you!)
It will be scanning on Public repos right now. It needs to be enabled for Private repos and forms part of GitHub Advanced Security.
If anyone wants to talk more about any security features in GitHub, swing by #xpo-github-for-enterprises
This is exciting โ I canโt find the โAdvanced Securityโ setting? This is for private personal repo. Is this only for Public and Enterprise repos?
Hey Gene, These features are behind what we call GitHub Advanced Security which require an extra license. https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
What company do you work for? I can look up who your Account Manager is and get them to get in touch with you if you are interested ๐
@fokkov - Plenty of actions for scanning as part of your build https://github.com/marketplace?type=actions&query=sign also you can just execute commands against your tools of choice at the right point in your process to ensure signing is complete. Essentially if you can automate it, actions can run it.
Thanks @colinbeales, makes sense. I thought there would be an out-of-the-box feature to implement this ๐
As the scope for what you can be signing is so large based on different technologies in play it helps to have the community, vendors and GitHub all building actions to make sure we cover as many automation requirements as possible.
Running late? -? 0800-DEVOPS by CROZ is a sociotechnical newsletter and podcast covering topics of technical excellence, organizational improvements, and productivity.
โIT Revolution called and said hey, letโs take your 30 pages, and turn it into a short book. Then John Willis said no, letโs turn it into a novel.โ
Reminder: The breakout sessions are starting again in 5 minutes. Get in front of your browser and start navigating your way to whichever session youโre attending. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png
๐ฃ Welcome @giorgos.ampavis for our next session's Q&A. Thank you Premier Sponsor LaunchDarkly! ๐ฃ
Itโs really powerful to conceptualise feature toggles as โmerging incomplete codeโ - it feels like thatโs arguably a better sell for developers than โdecoupling deployments and releasesโ
I perceive the latter as the objective and the former as the means to achieve it ๐
I think the former could also be used as a selling point - feature toggles stop you worrying about long-lived branches and merge conflicts. Iโd never thought of it that way until you said it!
A big welcome to @ekharchenko and @kvahsen for our next session's Q&A. Thank you StackOverflow!
Thank you to Prashanth (and @ekharchenko @kvahsen) - some very interesting stats in there!
"shouldn't disrupt your flow to learn" - I feel this - anyone else dealing with restricted to no internet access at work? makes access to learning...complicated...
restricted access to internet at work sounds tough! how do you find info?
depends. most developers have access, but few have unfettered access. plus lots, but weirdly gappy, information internally accessible. I've definitely had to resort to reading up on some thought leader trends on personal time. Just wanted to know if others faced similar struggles
Reminder: The final plenary sessions are starting in 5 minutes. Start making your way back to your browser and join us in #ask-the-speaker-plenary to interact live with the speakers and other attendees. https://devopsenterprise.slack.com/files/UATE4LJ94/F01D34MC2KS/image.png
Reminder: Please submit your feedback for the talks you attended. Itโs so valuable for us and the speakers. And after all, feedback is a gift and sharing is caring! Enter your feedback for those talks here: https://members.itrevolution.com/live/schedule https://devopsenterprise.slack.com/files/UATE4LJ94/F03E48CJRF1/image.png