Rootconf 2025 Annual Conference CfP

Yella Krishna

THE NEED FOR TRUE SHIFT LEFT SECURITY

Submitted Apr 20, 2025

Problem Statement:

Today’s security tools only show up after you have merged, or even deployed, code. By then, fixing vulnerabilities means costly rework, missed deadlines, and frustrated teams.

Why Current Checks Fall Short:

• IDE tools can be bypassed by developers. Product and Security teams have no control or visibility.
• Identifying security issues within CI/CD pipelines is too late in the process, as developers have already spent time building the entire functionality, getting integrations working, and completing testing.
• Developers hate fixing security issues when they are ready to deploy applications and are worried about breaking functionality.
• Security teams do not like to see issues when applications are deployed.

True Shift Left at Feature Development – Commit Analysis:

In this session, you will discover how to embed security into feature development by scanning every commit before code ever reaches a shared branch, so you catch and fix the most critical risks when context is fresh and remediation is cheapest. By combining commit-level scans with reachability analysis to eliminate false positives, teams accelerate time to market, slash remediation costs, and eliminate late-stage surprises once and for all.

Key Takeaways:

  1. Learn how scanning at the feature development stage, before code hits shared branches, can drastically reduce security debt, rework, and release delays.
  2. Understand how generating a real-time Software Bill of Materials (SBOM) from the very first commit helps meet compliance needs, improves visibility, and builds confidence in your application’s supply chain.

Target Audience:

• Developers
• DevOps Engineers & Site Reliability Engineers (SREs)
• Engineering Managers & Tech Leads
• CTOs, CIOs & Product Leaders
• DevSecOps Practitioners & Compliance Officers

Speaker’s Bio:

Hi, I’m Krishna, a backend developer at Flyingduck with a decent foundation in cybersecurity and a deep curiosity about how things work. While I spend most of my time writing code in golang, I’m equally passionate about securing the software supply chain from the inside out. I actively research the intersection of AI and security, exploring how intelligent systems can help developers ship safer code without slowing down.
