A security talk is often a hacker showing off what they can do and how you should defend.
I'm not a hacker. At least I never considered myself one in my adult life.
My team at Egnyte is running an ever-growing number of small integrations to make big apps work together.
I happened to be in the middle of a maintenance run across 30 repositories when a bunch of new vulnerabilities in popular npm packages were published. What follows is a story of good security practices at scale: 30 failed pipelines, lots of teeth grinding and finally - automation.
Oh, and it features the npm audit command and a possible future for it.
This talk is about secure build and deployment pipelines, efficient dependency vulnerability management and the daily struggle of a security-aware developer. No flashy XSS payloads, sorry.
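The abstract mentions npm audit and pipelines that fail across many repositories; the script below is an added example of the gate a practitioner would put in such a pipeline. It is not code from the talk, from Egnyte, or from npm itself. It consumes the JSON that `npm audit --json` prints and fails the job when anything at or above a chosen severity is present, so the same rule applies to every repository regardless of which npm version produced the report. The threshold names, the `--stdin` flag and the sample report are assumptions constructed for illustration, not the output of a real audit.

```javascript
// Added example (not from the talk, Egnyte or npm): a CI gate over the
// output of `npm audit --json`. The sample report further down is constructed.
const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// Both the npm 6 report and the npm 7+ report (auditReportVersion 2) carry
// per-severity totals under metadata.vulnerabilities, so gating on those
// keeps one script working across repos pinned to different npm versions.
function auditGate(report, threshold = "high") {
  const idx = SEVERITIES.indexOf(threshold);
  if (idx < 0) throw new Error(`unknown severity threshold: ${threshold}`);
  const raw = (report && report.metadata && report.metadata.vulnerabilities) || {};
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, Number(raw[s]) || 0]));
  const blocking = SEVERITIES.slice(idx).reduce((n, s) => n + counts[s], 0);
  return { fail: blocking > 0, blocking, threshold, counts };
}

// npm can print a non-JSON line (registry or network errors) instead of a
// report; a gate that cannot read its input must fail closed, not pass.
function gateFromText(text, threshold = "high") {
  let report;
  try {
    report = JSON.parse(text);
  } catch (err) {
    return { fail: true, blocking: 0, threshold, counts: null, error: "unparseable audit output" };
  }
  return auditGate(report, threshold);
}

// One line for the pipeline log.
function formatSummary(result) {
  if (result.error) return `audit gate: FAIL (${result.error})`;
  const parts = SEVERITIES.map((s) => `${s}=${result.counts[s]}`).join(" ");
  const verdict = result.fail ? "FAIL" : "PASS";
  return `audit gate: ${verdict} (${result.blocking} at or above ${result.threshold}; ${parts})`;
}

// Constructed sample in the npm 7+ shape; not the output of a real audit run.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 1, high: 1, critical: 0, total: 4 } },
};

// `node audit-gate.js` evaluates the sample report;
// `npm audit --json | node audit-gate.js --stdin high` gates a real report
// and sets the exit code the pipeline acts on.
if (process.argv.includes("--stdin")) {
  const threshold = process.argv[process.argv.indexOf("--stdin") + 1] || "high";
  const chunks = [];
  process.stdin.on("data", (c) => chunks.push(c));
  process.stdin.on("end", () => {
    const result = gateFromText(Buffer.concat(chunks).toString("utf8"), threshold);
    console.log(formatSummary(result));
    process.exit(result.fail ? 1 : 0);
  });
} else {
  console.log(formatSummary(auditGate(SAMPLE_REPORT, "high")));
}
```

For a single repository, npm's own `npm audit --audit-level=high` gives the same pass/fail decision; the value of a separate script is that thirty pipelines share one rule and one log line, and that unreadable audit output fails closed instead of being silently treated as clean. Note that `npm audit` itself exits non-zero whenever it finds anything, so with `set -o pipefail` the pipe above inherits that status before the gate runs; either leave pipefail off for this step or write the report to a file first and feed the file to the script.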
This is a submission to ReactiveConf lightning talks