Rootconf 2025 Annual Conference - 16th and 17th May
On platforms, distributed data systems & security
May 2025
16 Fri 09:45 AM – 06:30 PM IST
17 Sat 09:15 AM – 05:35 PM IST
Submitted Apr 1, 2025
Security tools like TruffleHog (secrets), OWASP Dependency-Check (SCA), Semgrep (SAST), ZAP (DAST), Trivy (containers), and Checkov (IaC) are essential - but without consolidation, they create alert fatigue and missed risks. This session delivers a complete playbook for:
Toolchain Integration:
Configuring each scanner to fail builds on critical risks (without false positive overload)
Environment-aware policies (e.g., warn in dev, block in prod)
Pipeline-as-code examples (GitHub Actions/GitLab CI, Jenkins)
Unified Visibility:
Automatically aggregating all findings into OWASP DefectDojo
Creating a single “security truth” dashboard for:
Vulnerability trending
SLA tracking for fixes
Compliance evidence (SLSA, SOC2)
Real-World Defense:
How this setup caught a critical secret leak + container CVE pre-deployment
Comparing scan reports vs. dashboard-driven remediation
Key Takeaways:
Complete Pipeline Protection - From code commit (secrets/SAST) to cloud deploy (IaC/containers)
From Alerts to Action - How the DefectDojo dashboard turns scattered reports into prioritized fixes
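The "warn in dev, block in prod" gate described under Toolchain Integration, as an added example that is not the speaker's code: it reads a Trivy JSON report and decides whether the build passes, warns or fails, and returns the exit status a pipeline step would use. The report, the CVE identifiers, the POLICY thresholds and the accepted_ids set (standing in for findings already risk-accepted in DefectDojo) are constructed assumptions.

```python
import json

# Constructed Trivy-style JSON report; the CVE identifiers are placeholders, not real advisories.
SAMPLE_TRIVY_REPORT = json.dumps({"Results": [{"Target": "app:latest (debian 12)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "openssl", "Severity": "CRITICAL", "FixedVersion": "3.0.x-fixed"},
    {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libxml2", "Severity": "HIGH", "FixedVersion": ""},  # no fix yet
    {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "curl", "Severity": "LOW", "FixedVersion": "8.x-fixed"},
]}]})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
# Assumed per-environment policy: findings at or above block_at fail the build,
# findings at or above warn_at are only reported. None means "never block".
POLICY = {
    "dev":  {"block_at": None,       "warn_at": "HIGH"},
    "prod": {"block_at": "CRITICAL", "warn_at": "MEDIUM"},
}


def load_findings(report_json):
    """Flatten a Trivy JSON report into id/package/severity/fixed-version records."""
    findings = []
    for result in json.loads(report_json).get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # Trivy emits null for a clean target
            findings.append({"id": v["VulnerabilityID"], "pkg": v["PkgName"],
                             "severity": v.get("Severity", "UNKNOWN"), "fixed": v.get("FixedVersion", "")})
    return findings


def evaluate(findings, env, accepted_ids=frozenset()):
    """Return (verdict, blocking, warnings); verdict is 'pass', 'warn' or 'block'."""
    policy = POLICY[env]
    block_rank = SEVERITY_RANK[policy["block_at"]] if policy["block_at"] else None
    warn_rank = SEVERITY_RANK[policy["warn_at"]]
    blocking, warnings = [], []
    for f in findings:
        if f["id"] in accepted_ids:
            continue  # already risk-accepted in the tracker (e.g. DefectDojo); do not re-alert
        rank = SEVERITY_RANK.get(f["severity"], 0)
        if block_rank is not None and rank >= block_rank and f["fixed"]:
            blocking.append(f)  # actionable: a fixed version exists, so the build fails
        elif rank >= warn_rank:
            warnings.append(f)  # sub-threshold or no fix available: report, do not block
    verdict = "block" if blocking else ("warn" if warnings else "pass")
    return verdict, blocking, warnings


def gate(report_json, env, accepted_ids=frozenset()):
    """CI entry point: return the process exit status, 1 only when the policy blocks."""
    verdict, _, _ = evaluate(load_findings(report_json), env, accepted_ids)
    return 1 if verdict == "block" else 0
```

Unfixable findings are reported but never fail the build, which is the kind of rule that keeps the gate strict without drowning teams in alerts they cannot act on.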
Who Needs This?
DevSecOps Teams building secure pipelines
AppSec Engineers tired of tool sprawl
Cloud Teams needing compliance visibility
Speaker Bio:
Samiksha Singhal is a security architect at Software AG who has implemented this stack for 10+ pipelines. “Built a DefectDojo integration processing 10K+ findings weekly” or “Reduced mean-time-to-fix by 65% with dashboard-driven remediation.”