Software Engineering Radio - the podcast for professional software developers

SE Radio 575: Nir Valtman on Pipelineless Security

Aug 1, 2023

56:49

Creator website

Highlights

AI Chapters

Episode notes

Embracing a Pipeline-Less Approach for Security and Quality

01:18

Efficient Code Review Process

01:10

Efficient Vulnerability Management through Automated Tracking and Role-based Access

01:19

Balancing Hype with Practicality in Vulnerability Assessments

01:22

Introduction

2min

How to Scale a Pipeline-Less Security Process

2min

The Challenges of Integrating Security Into Pipelines

2min

The Risks of Misconfigured Repositories

5min

The Pros and Cons of Integrating Security Tools in a Developer Environment

4min

The Importance of Pipeline Less Security

5min

The Future of GitHub Co-Pilot

2min

Pipelineless Securities: How to Implement It

2min

The Importance of Code Coverage in Pipeline Testing

2min

10.

How Many Checks Do You Also Run?

2min

11.

How to Measure a Pipelineless Security Approach

3min

12.

How to Handle a High Security Risk in Your Code Base

3min

13.

How to Avoid Hard Coded Secrets in GitHub

2min

14.

How GitHub Advanced Security Works

2min

15.

How to Avoid False Positives With a Pipeline Less Approach

2min

16.

The Future of to Do List Culture

3min

17.

Exploitability of Third Party Libraries

3min

18.

How to Protect GitHub Repositories From Misconfiguration

3min

19.

GitGoat: A Security Misconfiguration Tool

3min

20.

How ANICA Works

3min

21.

How to Be a Better Social Media Scientist

2min

Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer fatigue in dealing with alerts. The show ends with some discussion around the product that Arnica offers and how it implements the pipelineless methodology.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Engineering Radio - the podcast for professional software developers

SE Radio 575: Nir Valtman on Pipelineless Security

Embracing a Pipeline-Less Approach for Security and Quality

Efficient Code Review Process

Efficient Vulnerability Management through Automated Tracking and Role-based Access

Balancing Hype with Practicality in Vulnerability Assessments

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights