"The CI/CD Security Stack: From Secret Scanning to Dashboard - A Complete Blueprint"
Submitted Apr 1, 2025
Type of submission:
Demo - side project; open source project; something I have built in my org
Topic of your submission:
CI/CD
I am submitting for:
Rootconf Annual Conference 2025
Security tools like TruffleHog (secrets), OWASP Dependency-Check (SCA), Semgrep (SAST), ZAP (DAST), Trivy (containers), and Checkov (IaC) are essential - but without consolidation, they create alert fatigue and missed risks. This session delivers a complete playbook for:
Toolchain Integration:
Configuring each scanner to fail builds on critical risks (without false positive overload)
Environment-aware policies (e.g., warn in dev, block in prod)
Pipeline-as-code examples (GitHub Actions/GitLab CI, Jenkins)
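As an added example (not code from the talk or its author), a build-gate step of the kind the "warn in dev, block in prod" policy above describes: it reads a Trivy-style JSON report, applies a per-environment severity threshold and returns the step's exit code. The POLICY thresholds and the sample findings are constructed assumptions; only the Results/Vulnerabilities/Severity layout follows Trivy's actual JSON output.

```python
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Per environment: lowest severity that blocks the build (None = never block)
# and lowest severity that is surfaced as a warning. Values are illustrative.
POLICY = {
    "dev": {"block": None, "warn": "HIGH"},
    "staging": {"block": "CRITICAL", "warn": "HIGH"},
    "prod": {"block": "HIGH", "warn": "MEDIUM"},
}

def _at_least(severity, floor):
    return floor is not None and SEVERITY_RANK.get(severity, 0) >= SEVERITY_RANK[floor]

def evaluate(report, env, policy=POLICY):
    """Split a Trivy-style report into (blocking, warning) finding labels for env."""
    rule = policy[env]
    blocking, warnings = [], []
    for result in report.get("Results", []):
        # Trivy emits null rather than [] when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            label = f"{vuln['VulnerabilityID']} ({sev}) in {result['Target']}"
            if _at_least(sev, rule["block"]):
                blocking.append(label)
            elif _at_least(sev, rule["warn"]):
                warnings.append(label)
    return blocking, warnings

def gate(report, env):
    """Exit code for the pipeline step: 1 blocks the build, 0 lets it proceed."""
    blocking, warnings = evaluate(report, env)
    for line in warnings:
        print(f"::warning::[{env}] {line}")  # GitHub Actions annotation format
    for line in blocking:
        print(f"::error::[{env}] {line}")
    return 1 if blocking else 0

# Constructed sample in Trivy's JSON layout; the vulnerability IDs are placeholders.
SAMPLE_REPORT = json.loads('''{"Results": [
  {"Target": "app:latest (alpine)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-PLACEHOLDER-1", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-PLACEHOLDER-2", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-PLACEHOLDER-3", "Severity": "LOW"}]},
  {"Target": "requirements.txt", "Vulnerabilities": null}]}''')
if __name__ == "__main__":
    sys.exit(gate(SAMPLE_REPORT, sys.argv[1] if len(sys.argv) > 1 else "dev"))
```

In a pipeline, the same script would load the file written by `trivy ... --format json --output report.json` in place of SAMPLE_REPORT and take the environment name from the job's variables.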
Unified Visibility:
Automatically aggregating all findings into OWASP DefectDojo
Creating a single “security truth” dashboard for:
Vulnerability trending
SLA tracking for fixes
Compliance evidence (SLSA, SOC2)
Real-World Defense:
How this setup caught a critical secret leak + container CVE pre-deployment
Comparing scan reports vs. dashboard-driven remediation
Key Takeaways:
Complete Pipeline Protection - From code commit (secrets/SAST) to cloud deploy (IaC/containers)
From Alerts to Action - How the DefectDojo dashboard turns scattered reports into prioritized fixes
Who Needs This?
DevSecOps Teams building secure pipelines
AppSec Engineers tired of tool sprawl
Cloud Teams needing compliance visibility
Speaker Bio:
Samiksha Singhal is a security architect at Software AG who has implemented this stack for 10+ pipelines. “Built a DefectDojo integration processing 10K+ findings weekly” or “Reduced mean-time-to-fix by 65% with dashboard-driven remediation.”