Attacking Pipelines--Security meets Continuous Delivery
Post on 19-Oct-2014
DESCRIPTION
Talk given at ISC2 Secure SDLC event in Austin, TX. The release velocity for our applications is increasing, often leaving security testing behind. In some cases, the security team ends up being the bottleneck. That's bad. In an idyllic world, security testing would happen earlier in the development lifecycle, but let's do one better. Let's do security testing on every code change. Using automation tooling and DevOps practices, this talk will help you tune security testing to your release cadence and, more importantly, help you deliver more rugged software.
TRANSCRIPT
![Page 1: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/1.jpg)
![Page 2: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/2.jpg)
Goal: Equip you with the Theory, Examples and Tooling so that you can begin your rugged journey with an attacking pipeline you can lovingly call your very own
![Page 3: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/3.jpg)
![Page 4: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/4.jpg)
James [email protected]
Austin, TX
Gauntlt Core Team
DevOps Days Austin Organizer
Velocity, LASCON, ISC2, AppSecUSA, B-Sides, …
![Page 5: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/5.jpg)
Why does this matter?
![Page 6: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/6.jpg)
![Page 7: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/7.jpg)
“I want to solve a problem so we can make awesome”
- Business
![Page 8: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/8.jpg)
CIO say whut?
![Page 9: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/9.jpg)
![Page 10: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/10.jpg)
…in 2 years with an expensive, bloated project that is so fragile that we can only make changes to it 4 times a year and only after the sacred upgrade rituals are performed
![Page 11: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/11.jpg)
CISO say whut?
![Page 12: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/12.jpg)
![Page 13: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/13.jpg)
Biz say whut?
![Page 14: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/14.jpg)
Just Ship It!
![Page 15: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/15.jpg)
SPOILER ALERT!
![Page 16: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/16.jpg)
the business wins
![Page 17: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/17.jpg)
![Page 18: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/18.jpg)
![Page 19: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/19.jpg)
How did we get here?
![Page 20: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/20.jpg)
Software has Changed
![Page 21: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/21.jpg)
Software as a Service
![Page 22: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/22.jpg)
Software as Bricolage
![Page 23: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/23.jpg)
Bolt on Feature Approach
![Page 24: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/24.jpg)
Fragile Code as a Service
![Page 25: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/25.jpg)
Deploy Timelines Have Changed
![Page 26: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/26.jpg)
Dev and Ops have teamed up in this new world
![Page 27: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/27.jpg)
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
![Page 28: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/28.jpg)
DevOps is 5 years old now
![Page 29: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/29.jpg)
The security organization is stuck in 1997
… mostly
![Page 30: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/30.jpg)
Why is that?
![Page 31: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/31.jpg)
Compliance Driven Culture: PCI, SOX, …
![Page 32: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/32.jpg)
Ratio Problem
Devs / Ops / Security
100 / 10 / 1
![Page 33: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/33.jpg)
Security Tools are run out-of-band
![Page 34: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/34.jpg)
But, there is hope
![Page 35: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/35.jpg)
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
![Page 38: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/38.jpg)
![Page 39: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/39.jpg)
Rugged Journey
Quality
Transparency
Value Creation
Culture infusion
![Page 40: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/40.jpg)
#RuggedDevOps
![Page 41: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/41.jpg)
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
![Page 42: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/42.jpg)
Pipelines!
![Page 43: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/43.jpg)
Continuous Integration
![Page 44: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/44.jpg)
commit -> test -> deploy
![Page 45: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/45.jpg)
github -> travis -> s3
![Page 46: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/46.jpg)
git -> jenkins -> rundeck
![Page 47: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/47.jpg)
you can now answer the question of what is deployed and how it was tested
![Page 48: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/48.jpg)
Simple is better
![Page 49: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/49.jpg)
Continuous Integration Options
On premise: Jenkins
Cloud hosted: Travis CI, Circle CI, CloudBees, Wercker, Shippable, Drone.io…
Or a mix: DotCI
![Page 50: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/50.jpg)
![Page 51: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/51.jpg)
Attacking Pipeline Guide
Check your app/service/thing into a github repo
Create some security tests
Setup Travis CI to talk to your repo
Create a .travis.yml file
Write code, write moar security tests…
![Page 52: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/52.jpg)
Try this at home
![Page 54: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/54.jpg)
What is gauntlt-demo
Contains vulnerable web apps written in Python and Ruby on Rails
Easy hooks for spinning up the apps
Contains labs and examples for writing attacks
An attacking pipeline in Travis CI to attack the web apps
![Page 55: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/55.jpg)
Installation
$ git clone https://github.com/gauntlt/gauntlt-demo
$ cd ./gauntlt-demo
$ git submodule update --init --recursive
$ bundle
![Page 56: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/56.jpg)
$ bundle exec start_services config/gruyere.rb
![Page 58: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/58.jpg)
Attacking Pipeline Guide
Check your app/service/thing into a github repo
Create some security tests
Setup Travis CI to talk to your repo
Create a .travis.yml file
Write code, write moar security tests…
![Page 59: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/59.jpg)
Security Testing
Static Code Analysis
Dynamic Testing
Virus Scanning
Code Signing Checks
Business logic/flow testing
![Page 60: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/60.jpg)
convert thy pdf to tests!
![Page 61: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/61.jpg)
Wouldn’t it be great if we could automate our security tests…
![Page 62: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/62.jpg)
http://static.hothdwallpaper.net/51b8e4ee5a5ae19808.jpg
![Page 63: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/63.jpg)
Security + Cucumber = Gauntlt
![Page 64: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/64.jpg)
Built on Cucumber
![Page 65: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/65.jpg)
Gauntlt Philosophy
Gauntlt comes with pre-canned steps that hook security testing tools
Gauntlt does not install tools
Gauntlt can be part of the CI/CD pipeline
Be a good citizen of exit status and stdout/stderr
MIT Open Source License
![Page 66: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/66.jpg)
Who uses Gauntlt?
![Page 67: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/67.jpg)
TLDR; !
Gauntlt automates security tools
![Page 68: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/68.jpg)
Attack Logic
GIVEN
WHEN
THEN
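The Given/When/Then attack logic and the exit-status rule from the Gauntlt philosophy slide, sketched as an added Ruby example (not from the talk and not Gauntlt's own code). `Attack`, `exit_code_for` and `run_demo` are hypothetical names, and the Ruby interpreter echoing constructed response headers stands in for a real scanner.

```ruby
require 'open3'
require 'rbconfig'

# Hypothetical mini-runner, not Gauntlt's code: one Given/When/Then attack.
class Attack
  Result = Struct.new(:name, :passed, :failures, :stdout, :stderr, :exit_status)

  def initialize(name)
    @name = name
    @failures = []
  end

  # GIVEN: the tool must already be present; the runner never installs it.
  def given_installed(tool)
    candidates = [tool] + ENV.fetch('PATH', '').split(File::PATH_SEPARATOR)
                             .map { |dir| File.join(dir, tool) }
    found = candidates.any? { |path| File.file?(path) && File.executable?(path) }
    @failures << "#{tool} is not installed" unless found
    self
  end

  # WHEN: launch the tool as an argv array (no shell) and keep both streams.
  def when_launched(*argv)
    return self unless @failures.empty?
    @stdout, @stderr, status = Open3.capture3(*argv)
    @exit_status, @launched = status.exitstatus, true
    self
  end

  # THEN: assert on what the tool printed; skipped if nothing was launched.
  def then_output_contains(text)
    return self unless @launched
    @failures << "expected output to contain #{text.inspect}" unless @stdout.include?(text)
    self
  end

  def result
    Result.new(@name, @failures.empty?, @failures, @stdout, @stderr, @exit_status)
  end
end

# Exit status for the CI step: non-zero as soon as one attack fails.
def exit_code_for(results)
  results.all?(&:passed) ? 0 : 1
end

# Constructed sample runs: the "scanner" just echoes the headers it is given.
def run_demo
  xfo = 'X-Frame-Options: DENY'
  attack = lambda do |name, tool, *headers|
    Attack.new(name).given_installed(tool)
          .when_launched(tool, '-e', 'puts ARGV', *headers)
          .then_output_contains(xfo).result
  end
  [attack.call('header present', RbConfig.ruby, 'HTTP/1.1 200 OK', xfo),
   attack.call('header missing', RbConfig.ruby, 'HTTP/1.1 200 OK'),
   attack.call('tool missing', 'no-such-tool-xyz')]
end

if __FILE__ == $PROGRAM_NAME
  results = run_demo
  results.each { |r| puts "#{r.passed ? 'PASS' : 'FAIL'} #{r.name}"; r.failures.each { |f| warn "  #{f}" } }
  puts "CI exit status: #{exit_code_for(results)}"
end
```

A Rake task wrapping this would pass `exit_code_for(results)` to `exit`, so that `script: bundle exec rake` fails the build when any attack fails.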
![Page 69: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/69.jpg)
![Page 70: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/70.jpg)
Let’s automate two attacks
![Page 71: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/71.jpg)
Garmr is Mozilla Security policy distilled for the rest of us
![Page 72: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/72.jpg)
![Page 73: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/73.jpg)
Check for XSS
![Page 74: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/74.jpg)
![Page 75: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/75.jpg)
Rake
require 'gauntlt'
task :gauntlt do
  # Start the Gruyere target app
  sh "cd ./vendor/gruyere && ./manual_launch.sh && cd ../.."
  # Run the attacks tagged @final
  sh "cd ./examples && bundle exec gauntlt --tags @final && cd .."
  # Stop the target app
  sh "cd ./vendor/gruyere && ./manual_kill.sh && cd ../.."
end
![Page 76: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/76.jpg)
Attacking Pipeline Guide
Check your app/service/thing into a github repo
Create some security tests
Setup Travis CI to talk to your repo
Create a .travis.yml file
Write code, write moar security tests…
![Page 77: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/77.jpg)
Let’s set up the pipeline
![Page 78: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/78.jpg)
Setup Travis CI
Go to travis-ci.org, login with github credentials
Find the repo you cloned (might need to sync)
Flip the switch ‘on’
![Page 79: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/79.jpg)
![Page 80: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/80.jpg)
Attacking Pipeline Guide
Check your app/service/thing into a github repo
Create some security tests
Setup Travis CI to talk to your repo
Create a .travis.yml file
Write code, write moar security tests…
![Page 81: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/81.jpg)
.travis.yml
language: ruby
rvm:
  - 1.9.3
before_install:
  - git submodule update --init --recursive
![Page 82: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/82.jpg)
.travis.yml
before_script:
  - sudo apt-get install nmap
  - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt-demo/vendor/sslyze/sslyze.py"
  - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt-demo/vendor/sqlmap/sqlmap.py"
  - 'cd vendor/Garmr && sudo python setup.py install && cd ../..'
![Page 83: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/83.jpg)
.travis.yml
script: bundle exec rake
![Page 84: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/84.jpg)
.travis.yml
notifications:
  irc:
    channels:
      - "chat.freenode.net#gauntlt"
    use_notice: true
![Page 85: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/85.jpg)
.travis.yml
deploy:
  provider: s3
  access_key_id: ASDBDSABDASDBDSDASD
  secret_access_key:
    secure: dasjdkla;sdjsakdsadasd
  bucket: build-artifacts
![Page 86: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/86.jpg)
![Page 87: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/87.jpg)
![Page 88: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/88.jpg)
![Page 89: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/89.jpg)
Sahweet!
![Page 90: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/90.jpg)
Attacking Pipeline Guide
Check your app/service/thing into a github repo
Create some security tests
Setup Travis CI to talk to your repo
Create a .travis.yml file
Write code, write moar security tests…
![Page 91: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/91.jpg)
https://speakerdeck.com/mkonda/appsecusa-2013-insecure-expectations
http://vimeo.com/75930344
![Page 92: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/92.jpg)
more on gauntlt
• Google Group > https://groups.google.com/d/forum/gauntlt
• Wiki > https://github.com/gauntlt/gauntlt/wiki
• Twitter > @gauntlt
• IRC > #gauntlt on freenode
• Issue tracking > http://github.com/gauntlt/gauntlt
![Page 94: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/94.jpg)
50% off Gauntlt Book
leanpub.com/hands-on-gauntlt/c/austin-sdlc
Caveat Emptor: Under development!
Valid until June 15th
![Page 95: Attacking Pipelines--Security meets Continuous Delivery](https://reader033.vdocuments.site/reader033/viewer/2022051512/54445b7bb1af9f680a8b488d/html5/thumbnails/95.jpg)