Building a Modern DevSecOps Workflow && Monitoring in Your CI/CD Pipeline
Details
18:00 - 18:30 - Gathering & Mingling 🍻
18:30 - 18:45 - Opening Notes
18:45 - 19:15 - From Traditional AppSec Tools to AI-Powered Reviews: Building a Modern DevSecOps Workflow
19:15 - 19:45 - Automating Database Testing and Monitoring in Your CI/CD Pipeline
--------------------------------Full-Agenda-Below---------------------------------
18:30 - 18:45 - Introduction & Community updates
18:45 - 19:15 - From Traditional AppSec Tools to AI-Powered Reviews: Building a Modern DevSecOps Workflow by Ariel Beck & Meshi Yona
Traditional AppSec toolchains often feel like a patchwork of tools—each with its own setup, maintenance, and integration challenges. They can slow down development, overwhelm teams with alerts, and still leave gaps in security coverage.
In this talk, we’ll explore how to set up a comprehensive DevSecOps chain using GitHub Actions integrated with best-in-class open-source tools for SAST, secrets detection, SCA, and DAST. Then, we’ll show how you can rethink this workflow using an AI agent powered by AWS Bedrock and Claude to review code, streamline processes, and deliver actionable insights.
Through a live demo, you’ll see both approaches in action and learn how to overcome common pitfalls in building secure pipelines. By the end, you’ll gain practical knowledge to enhance your security practices, reduce friction in your workflows, and adopt modern tools with confidence. Whether you're a developer, security professional, or DevOps enthusiast, this talk will help you take your DevSecOps to the next level.
-----------------------------------------------------------------------------------------
Meshi is a Software Engineer Team Lead at Jit with extensive experience in cyber security and delivering high-quality, scalable solutions. With a strong technical background and a passion for fostering collaboration, Meshi thrives on tackling complex challenges and driving innovation in fast-paced environments.
Ariel is a Software Architect at Jit.io. He holds a B.Sc. in Computer Science from the Academic College of Tel Aviv-Yaffo, and has over 10 years of experience as a software architect in various fields and technologies, with a focus on cloud-based solutions.
-----------------------------------------------------------------------------------------
19:15 - 19:45 - Automating Database Testing and Monitoring in Your CI/CD Pipeline by Ben Greenberg
This talk will guide you through the essentials of integrating comprehensive database testing and monitoring into your CI/CD pipelines. We'll explore the types of tests you should run, from unit to performance tests, and demonstrate how to automate these processes using GitHub Actions. Testing databases involves unique challenges such as ensuring data consistency, handling stateful interactions, and dealing with various concurrency issues. We'll also touch upon and briefly show how to share your GitHub Actions workflow data with monitoring tools like Prometheus, and what aspects of your workflow data you should share to maintain a healthy and performant database. Join us to learn how to elevate your CI/CD workflows and achieve more holistic database management.
-----------------------------------------------------------------------------------------
Ben previously spent a decade in adult education, community organizing, and non-profit management before transitioning to software development. He works as a Senior Developer Advocate at Couchbase and is a member of the board of Ruby Central. Ben is actively involved in open source and writes regularly on the intersection of tech, ethics, and community. He is the author of the forthcoming book Mastering Vector Search for Developers, to be published by Pragmatic Programmers. He can be found online at hummusonrails.com