This post talks about how we approach security automation in BitBucket Pipelines. It also introduces some new open source tools we built and use in the process. Security In Pipelines We’ve written before about using GitHub Actions and provided an Action friendly “workflow” with our Crush tool. At a high level, Pipelines and Actions just […]
At AppSecUSA, OWASP Glue, a project we contribute heavily to, was asked to present in the project showcase. I put together an overview talk about how the tool is architected and what we use it for. Then, we added a new task live during the talk. I thought that was enough fun that it was […]
Its been an exhilarating few weeks. I had to remind myself to take a breath and blog today. What’s new-ish is that, we have a core team working on a new platform for security automation. It extends the work we’ve done with Glue and other ideas taken from a great sample of client consulting engagements. […]
Incubator At Jemurai, we have started incubating products. We love security consulting and the engineering we do there, but there is something amazing about building a product. In particular, I constantly crave the experience of pushing the limit and trying something new and a little different. I’m even embracing marketing and failing fast. So each […]
Today I gave a talk at a company’s internal security conference about automation. The slides are on speakerdeck. A video is on Vimeo. The point of the talk was threefold: Explain where automation works well and examples of where we use it with OWASP Glue Explain newish cool automation like cloud analysis and pre-audit preparation […]
