Keshav Malik
@theinfosecguy
Building and Scaling Open Source Security Pipeline @ LinkedIn
Submitted Apr 4, 2025
Topic of your submission:
Supply chain security
Type of submission:
30 mins talk
I am submitting for:
Rootconf Annual Conference 2025
In this session, we’ll learn how LinkedIn has engineered and scaled an open-source security pipeline to secure millions of packages across its expansive ecosystem. With a platform that serves over a billion members and processes millions of daily interactions, LinkedIn requires an efficient system to manage both internal and third-party packages securely.
We’ll discuss the architecture of our pipeline, which seamlessly integrates with custom-built solutions to automate critical tasks such as package scanning and vulnerability management. Attendees will gain insights into our journey from manual, labor-intensive processes to a fully automated, decentralized system that ensures every package is thoroughly vetted for security risks before deployment.
Takeaways
- In this session, you’ll learn the strategies and techniques to design and implement an automated security pipeline that grows effortlessly alongside your organization, embedding security practices into every phase of the development lifecycle.
- Learn about our custom risk scoring engine, an automated system that evaluates multiple factors such as vulnerability severity and operational impact to generate a dynamic risk score.
Audience
This session is tailored for security engineers, DevOps professionals, and software architects operating in large-scale or rapidly expanding organizations.
Bio
I’m Keshav, a Senior Product Security Engineer at LinkedIn, where I firmly believe that the most complex security challenges can be effectively solved using innovative engineering solutions.