Menu
AGENDA
SwampUP 2023 is a full day dedicated to your DevOps and DevSecOps Journey.
Many topics to choose from, including Cloud Native, DevSecOps, Enterprise DevOps, and Digital Transformation.
Click on the filter to select the topic(s) you are interested in.
September 13, 2023
1
7:30 AM
Registration
WED 7:30 AM - 1:30 PM
The Swamp
2
9:00 AM
Keynote
The Next-Gen Software Supply Chain
Shlomi Ben Haim
|
CEO & Co-founder, JFrog
https://sessionize.com/image/c5c7-400o400o1-VTfsc8y312g9sYjdNZWt6t.jpg
Shlomi is CEO and co-founder of JFrog, creators of the universal DevOps platform. He brings over 20 years of experience in building profitable, high-growth information technology companies. Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and was a Major in the Israeli Air Force. Shlomi holds an MS from Clark University (Massachusetts) and a BA from Ben-Gurion University (Israel).
WED 9:00 AM - 9:15 AM
Top Frog
The evolution from DevOps and CI/CD to cloud-native technologies, microservices architecture, security and governance - and now all the way to automation and Artificial Intelligence - requires a new generation of SSC management that aims to deliver software faster, with higher quality, enhanced security, and improved customer experiences. In this session, we’ll share insights from over 7,000 JFrog customers, and what the F100 list tells us about where the software supply chain is headed. Get Ready for Next!
3
9:15 AM
Keynote
Incorporating Every Element - SSC as a Platform
Yoav Landman
|
CTO & Co-founder, JFrog
https://sessionize.com/image/4108-400o400o1-SHHWyQhAZFcktMrNnSjktP.jpg
Yoav is a devout engineer, the creator of Artifactory, and a Co-founder and Chief Technology Officer of JFrog. With over 20 years of experience as a Software Architect of enterprise applications, he plays a significant role in the evolution of DevOps. In 2006, Yoav created Artifactory as an open source project paving the way for the software community to a new domain of managing binaries. Prior to JFrog, Yoav created many production solutions as a consultant in the fields of Continuous Integration and Distributed Systems. He is also an accredited speaker and a Java Rockstar.
WED 9:15 AM - 9:40 AM
Top Frog
Managing and securing the software supply chain end-to-end is one of the most difficult challenges facing DevOps and DevSecOps teams today. As developers continue to push all boundaries on the left and right side of the software release cycle, enterprise focus remains on binaries, and their movement through the pipeline automatically and securely. See how an integrated, consistent platform approach is the only way to solve next-gen supply chain challenges!
4
9:40 AM
Keynote
Release Fast (and Secure) or Die!
Yossi Shaul
|
SVP of R&D, JFrog
https://sessionize.com/image/9852-400o400o1-nP62dGfmkbbN2uQJKUSGpf.jpeg
Yossi joined JFrog in 2010 as the Development Manger and has risen over the years to Senior Vice President of R&D. He has vast hands-on Java experience and Artifactory development, knowledge, and practice. Previously, Yossi worked at AlphaCSP and has been involved in numerous projects for various small and large clients such as Viola Networks, NITE, IDI, Cisco, and others. Yossi leads development teams and has gained experience with enterprise-scale applications, build technologies, software engineering, and agile methodologies, and is an active committer in several open-source projects.
Gali Zisman
|
VP of Product, JFrog
https://sessionize.com/image/a25d-400o400o1-ExPaX4xVzaAXWbYDwLTrnh.png
WED 9:40 AM - 10:20 AM
Top Frog
Repetitive tasks are the antithesis of speed. The only way to deliver software rapidly, securely and with quality is to automate software packages across the software supply chain to drive enhanced testing, improve decision-making, eliminate bottlenecks and holistically manage your software resources. Join us to explore JFrog’s new release-first approach, including exclusive swampUP announcements, first-time demonstrations & key product advancements!
5
10:20 AM
Keynote
Shielding the Foundation: Security Across Your SSC
Asaf Karas
|
CTO Security, JFrog
https://sessionize.com/image/2efe-400o400o1-pKr2UJ5A29vGEiniNr1Jok.jpg
Asaf is Chief Technology Officer for JFrog Security. A seasoned security expert, Karas has extensive experience in reverse engineering, device debugging, network forensics, malware analysis, big data, and anomaly detection. Prior to JFrog, Karas served as CTO of Vdoo, which delivered an integrated security platform designed for connected, IoT, and embedded devices. Vdoo was acquired by JFrog in June 2021. Karas also spent several years working with international military organizations. Asaf spent almost 15 years leading security research at the Israeli Defense Forces, where he served as branch leader for over 100 cyber specialists.
Eyal Dyment
|
JFrog VP of Product
https://sessionize.com/image/ba8e-400o400o1-NpLD4bpJw7BH3ydso4TWSH.jpg
WED 10:20 AM - 11:00 AM
Top Frog
Developers are now the target of the attacker, with binaries available publicly. While it's unlikely that the concept of security point solutions will completely disappear, it’s clear that the market is demanding a consolidated, comprehensive approach to pipeline security across the attack surface. With the increasing complexity of software supply chains, security and governance are becoming critical on developer’s machines, at the C-level and in boardrooms. Next-gen software supply chain solutions must incorporate robust, holistic security or risk being the next tool to be consolidated. See brand-new demonstrations of the DevOps-centric approach to security that will drive the pipelines of tomorrow.
6
11:00 AM
Coffee Break
WED 11:00 AM - 11:20 AM
The Swamp
7
11:20 AM
Keynote
Game On: How DevOps Leveled Up Riot Games
Keith Humphreys
|
Senior Engineering Manager, Riot Games
https://sessionize.com/image/602b-400o400o1-nTewdmiAdKebtNo8dLqrpV.jpg
Keith Humphreys is a Senior Engineering Manager at Riot Games. He has spent 20 years working in network engineering for service providers in Europe, and Riot Direct more recently.
Michael Biggs
|
Tech Lead, Riot Games
https://sessionize.com/image/d0f4-400o400o1-sxs7oqWkMQL7F6cDt54vUU.jpeg
Michael Biggs is a Tech Lead in the Riot Systems Engineering Team. Michael has been involved in technology including IT, engineering, and networking since the late 90's. Prior to Riot Games, Michael ran a global engineering team at the Walt Disney company where he worked for almost 20+ years.
WED 11:20 AM - 11:50 AM
Top Frog
As one of the leaders in the gaming and esports industry, it takes a lot of work to evolve ideas into full masterpieces for players to enjoy. From creating a centralized repository to shifting to the cloud, Riot Games is driving their ongoing technological evolution. Come listen to Keith Humphreys, Senior Engineering Manager, and Michael Biggs, Tech Lead Systems Engineering, talk through how Riot Games leverages their DevOps strategy to remove technical barriers so developers can move faster.
8
11:50 AM
Keynote
Fireside Chat: Supply Chain Risk Mitigation with Security Guru, Bruce Schneier
Bruce Schneier
|
Chief of Security Architecture, inrupt
https://sessionize.com/image/24a8-400o400o1-GLu7TAiZKnHfHisQowKwB1.jpg
Bruce is an internationally renowned security technologist, called a security guru by the Economist. He is the New York Times best-selling author of 14 books -- including Click Here to Kill Everybody -- as well as hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and blog Schneier on Security are read by over 250,000 people. Schneier is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University;
a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org.
"We are stretching authentication and web security protocols in ways that have never been done before and using them in ways that haven’t been considered yet. This isn’t just people authentication but machine authentication.”
Stephen Chin
|
VP of Developer Relations
https://sessionize.com/image/1c93-400o400o1-9f-1282-4674-9d21-f88e30c8232e.aa421c31-68db-4833-bbb8-ef17df5ef477.jpg
Stephen Chin is VP of Developer Relations at JFrog, chair of the CDF governing board, member of the CNCF and OpenSSF governing boards, and author of The Definitive Guide to Modern Client Development, Raspberry Pi with Java, Pro JavaFX Platform, and the DevOps Tools for Java Developers title from O'Reilly. He has keynoted numerous conferences around the world including swampUP, Devoxx, JNation, JavaOne, Joker, and Open Source India. Stephen is an avid motorcyclist who has done evangelism tours in Europe, Japan, and Brazil, interviewing hackers in their natural habitat. When he is not traveling, he enjoys teaching kids how to do embedded and robot programming together with his daughters.
WED 11:50 AM - 12:30 PM
Top Frog
“Shifting left” is the right process for the business, but it’s a tectonic move for developers and DevOps experts. How can a development team cope with these responsibilities and work alongside - not in spite of - security teams? No one’s better to help us with this conundrum than world-renowned security expert and author Bruce Schneier, who will join us live on the keynote stage at swampUP. Hear from Bruce about the new threat landscape for security with software supply chain attacks like SolarWinds and log4shell that are disrupting businesses and security practices globally. This is a rare chance to hear from and ask audience questions to an expert like Bruce about how DevOps and DevSecOps communities can react and fortify their processes as the modern target for software supply chain attacks.
9
12:30 PM
Lunch
WED 12:30 PM - 1:30 PM
The Swamp
10
1:30 PM
Session
Migrating to the Cloud at Scale - Fidelity Did It, So Can You
Gerard McMahon
|
Head of ALM Tools and Platforms, Fidelity Investments
https://sessionize.com/image/6ed8-400o400o1-LMhEwbbuXA7AUZCrWkPpVa.jpeg
Gerard McMahon is a VP of Architecture and currently “Head of ECC ALM Tools and Platforms”, whose mission is to provide an open and flexible Software Delivery Platform to increase the velocity of developers for delivery of business value with confidence at scale.
I am a strong advocate of Software Delivery Excellence and incorporating the principles of agility, engineering and operational excellence for building high performing teams and enabling a DevOps culture. I am passionate about enabling connection and collaboration across the tools and services in the Software Delivery ecosystem to break down silo’s and create data driven insights for innovation and continuous learning in accelerating the delivery of high quality business value.
WED 1:30 PM - 2:10 PM
Top Frog
How does a large financial services institution migrate its application portfolio to the cloud at scale? Please join me as I share how Fidelity Investments began its cloud migration journey and how (and why) its strategy, mission and focus areas have evolved over time. I will also describe Fidelity’s Application Software Delivery platform with a focus on the important work we are doing with JFrog to ensure the security of all open source code and the criticality of artifact availability to applications at run time in production.
12
Session
Supply Chain Robots, Electric Sheep, and SLSA
Brett Smith
|
Software Architect, SAS
https://sessionize.com/image/2256-400o400o1-Tj1tt8x3hnnUNuUi2UeFMJ.jpg
Software Architect/Engineer/Developer with 20+ years of experience.
Specialties: Automation, Continuous Integration/Delivery/Testing/Deployment Pipelines
Expertise: Linux, packaging, and tool design.
WED 1:30 PM - 2:10 PM
Panther Frog
In this session, I'll cover creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and how the SLSA spec helps implement solutions for each.
The main takeaway is that security needs to be applied everywhere in the pipeline. The talk will lead to a greater discussion around the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
13
2:15 PM
Session
CVSS In-Depth: Can You Trust The World's Most Popular Vulnerability Metric?
Shachar Menashe
|
Sr. Director Security Research, JFrog
https://sessionize.com/image/b846-400o400o1-BBDSnPuTqyKWXMHiUrqARJ.PNG
Shachar is the Senior Director of Security Research at JFrog. With over 10 years of experience in security research, including low-level R&D, reverse engineering and vulnerability research, Shachar is responsible for leading a team of researchers in discovering and analyzing emerging security vulnerabilities and malicious packages. He joined JFrog through the Vdoo acquisition in June 2021, where he served as vice president of security. Before joining Vdoo, Shachar worked as a team leader at boutique research company NorthBit which was acquired by AR giant Magic Leap. He was then put in charge of Magic Leap's low-level OS security team, where he continued specializing in areas such as Linux & Android security architecture, implementing custom kernel and bootloader mitigations, and securing development lifecycle processes. This led to a successful release of Magic Leap's OS which has remained unhacked to this day. Shachar holds a B. Sc in Electronics Engineering and Computer Science from Tel-Aviv University.
WED 2:15 PM - 2:55 PM
Top Frog
There are a number of metrics that can be used to get a better understanding of the vulnerabilities that may be present in software. There is the Common Weakness Scoring System (CWSS), the Exploitability Index (EI), and the National Vulnerability Database (NVD) which includes the Common Vulnerability Enumeration (CVE). With all of the metrics how do you determine what vulnerabilities exist in your software?
In this session, we will explain some of the most used metrics in security and walk through real-world CVE examples, highlighting instances and entire categories where CVSSv3.1 falls short of providing an accurate score, both due to its design and its various flaws. The session will also cover specific indicators in the CVE description that can increase the confidence in a CVSS rating, and vice versa.
14
Session
DevOps at Netflix
Tejas Chopra
|
Senior Software Engineer, Netflix
https://sessionize.com/image/8caf-400o400o1-NL4BWWTNSwV2YY7sZEzLS8.jpeg
Tejas is a Senior Software Engineer, working in the Data Storage Platform team at Netflix. He's responsible for architecting storage solutions to support Netflix Studios and Netflix Streaming Platform. Before Netflix, Tejas was working on designing and implementing the storage infrastructure at Box, Inc. to support a cloud content management platform that scales to petabytes of storage & millions of users. Tejas has worked on distributed file systems & backend architectures, both in on-premise and cloud environments as part of several startups in his career. Tejas is an International Keynote Speaker and periodically conducts seminars on Micro services, NFTs, software development, and cloud computing. He has an MA in Electrical and Computer Engineering from Carnegie Mellon University, with a specialization in Computer Systems.
WED 2:15 PM - 2:55 PM
Wonder Frog
Netflix is a global leader in video streaming and has always been known in the valley for its culture document, a seminal work in setting the context for culture. In this session, I'll shed light on how Netflix thinks about DevOps, and how our culture permeates our thoughts on Agile practices, DevOps, and development. It'll be a great way to get a glimpse of how loosely-coupled and highly-aligned Netflix is, and participants will learn how they can apply some parts of our culture to their organizations.
15
Session
Developers Care About Artifacts: Let's Bring Them Forward
Ant(on) Weiss
|
Founder & CEO, Otomato
https://sessionize.com/image/f4cd-400o400o1-RH6X9beKyqCS4cCLsyDSwN.jpg
Anton has spent 15 years in tech, marketing, and leadership roles in software delivery optimization and technical and executive training. He's an expert in DevOps, lean, systems thinking, continuous delivery, cloud-native, and decentralized systems. Anton is a coder, speaker, and writer. He's Fixated on enhancing the ways humans collaborate by telling mind-provoking stories.
WED 2:15 PM - 2:55 PM
Panther Frog
IDPs (Internal Developer Portals) are all the rave now. Backstage is the CNCF project allowing organizations to build their own IDP. In this talk I'll describe the value of an internal dev portal, present Backstage, and the JFrog integration for Backstage that we're building for our customers.
16
2:55 PM
Coffee Break
WED 2:55 PM - 3:15 PM
The Swamp
18
3:50 PM
Session
Shifting Further Left Than Left
Asaf Barkan
|
Director of Product Management, JFrog
https://sessionize.com/image/8134-400o400o1-hnGzjZWcLXxsCQ68Zz7L1h.jpeg
I am passionate about leveraging technology to solve real life problems.
I am a cloud and application security expert, with 20 years of deep experience in cyber security consulting, development and R&D management. Served as an officer in an IDF elite cyber security unit.
I co-founded SkyFormation to meet a major industry need in Cloud security.
WED 3:50 PM - 4:30 PM
Top Frog
The world is abuzz with “shifting left” to bring security processes earlier in the cycle for development teams. But what about the code, packages and components developers bring into an organization before they even touch the keyboard to create their software? No, this isn’t a session about how OSS is too risky to use. Join JFrog to see how the concept of software curation is gaining steam across the enterprise, and how developers can embrace the packages and libraries they need to use to move fast, all while keeping the security boogeymen at bay with the just-right amount of automated governance.
19
Session
Interoperability and The Problem that Open Source is Working to Solve
Tracy Ragan
|
CEO, DeployHub & CDF Board Member
https://sessionize.com/image/6a61-400o400o1-QoXueUS2EHEMPqLuyA8yzB.jpg
Tracy is CEO and Co-Founder of DeployHub. DeployHub is the first microservice management platform designed to facilitate the sharing, relationship mapping, and deployment of microservices. Tracy is an expert in configuration management and pipeline life cycle practices with a hyper-focus on microservices and cloud-native architecture. She served as a board member of the Continuous Delivery Foundation (CDF) and the OpenSSF where she was the elected General Member Representative. Tracy currently serves on the board of the CDF Technology Oversight Committee. Tracy is a recognized evangelist in microservices and the continuous delivery pipeline. She is the creator of the Continuous Delivery Foundation Interactive Landscape, a blog contributor for the CDF, and speaks at many DevOps events such as JFrog SwampUp, CDCon, OpenSSF Days, and CloudBees DevOpsWorld. Tracy is also a host of TechStrong Women TV where she interviews technologists who just happen to be women. Before DeployHub, Tracy was the COO and co-founder of OpenMake Software, a build acceleration and management tool that is the heart of development for over 400 enterprise development teams. She served on the Eclipse Foundation Board as a founding member from 2004 -2007.
WED 3:50 PM - 4:30 PM
Wonder Frog
The CDF Project CDEvents works on creating a common specification for Continuous Delivery, paving the way for establishing interoperability within the ecosystem. With CDEvents, communities, vendors, and end users will be able to make the different tools and technologies such as CI/CD orchestrators, artifact repositories, test frameworks, and security scanners interoperate with each other in a standardized manner. This will essentially enable the organizations to spend less time on integrating the tools with each other and instead focus on value adding activities while achieving scalability, security and sustainability of their pipelines. In this session, we will discuss the problems caused by lack of interoperability within the CD ecosystem, summarize the efforts of the CD Foundation and other open source organizations are taking to solve this problem and provide updates regarding CDEvents project that is gaining significant momentum and adoption.
20
Session
The Operationalism of DevSecOps
John Willis
|
Botchagalupe Technologies
https://sessionize.com/image/9aed-400o400o1-X3vnmwdRBggmkqXqVjfg8a.png
John Willis was Senior Director of the Global Transformation Office at Red Hat Prior to Red Hat,he was the Director of Ecosystem Development for Docker, which he joined after the company he co-founded (SocketPlane, which focused on SDN for containers) was acquired by Docker in February 2015. Previous to founding SocketPlane in Fall 2014, John was the Chief DevOps An Evangelist at Dell, which he joined following the Enstratius acquisition in May 2013. He has also held past executive roles at Chef and Canonical. John was one of the earliest cloud evangelists and is considered one of the founders of the Devops movement. John is the author of 7 IBM Redbooks. He is also the co-author of the “Devops Handbook” and “Beyond the Phoenix Project” along with author Gene Kim.
WED 3:50 PM - 4:30 PM
Panther Frog
Operationalism is a cornerstone of operations management, and is based on the intuition that we do not know the meaning of a concept unless we have a method of measurement for it.
Percy Williams Bridgman coined "operationalism" in his book The Logic of Physics (1927). Bridgman's work, specifically around an operational definition, heavily influenced W. Edward Deming's work. In Dr. Deming's "New Economics," he said: "An operational definition is a procedure agreed upon for translation of a concept into a measurement of some kind."
I'll discuss Dr. Deming's work in this presentation, and explain how he would have viewed standard DevSecOps metrics.
21
4:35 PM
Session
Hackers Know What You Have Running In Production. Do You?
Melissa McKay
|
Developer Advocate, JFrog
https://sessionize.com/image/efa4-400o400o1-B5NA5187XjfNpZP8cCBpfr.jpg
Melissa's background and experience as a software engineer spans a slew of technologies and tools used in the development and operation of enterprise products and services. She is a mom, software engineer, Java geek, huge fan of UNconferences, and is always on the lookout for ways to grow and learn. She has spoken at CodeOne, Java Dev Day Mexico and is part of the JCrete and JAlba UNconference teams. She is currently a Developer Advocate for JFrog, Inc.
Damian Curry
|
Community and Alliances Technical Director - NGINX
https://sessionize.com/image/7cdc-400o400o1-RCLGsMDJUGiEVYbDezCss4.jpg
After many years of managing infrastructure for multiple companies, Damian now heads up all things technical for Community and Alliances for NGINX. Damian is a long time NGINX user, and it has played a key role in almost every environment he has managed.
WED 4:35 PM - 5:15 PM
Top Frog
Over 80 percent of code used in enterprise applications comes from open source dependencies, but how much attention goes towards the provenance and security of those packages? And in the pursuit of accelerated software development, developers are leveraging more and more libraries, so how do you prevent defects or malicious payloads from compromising the security of your production applications?
Securing the software supply chain is a huge undertaking for the entire tech industry. As an example of how to address production security issues, we'll explore a practical use case of applying blue/green deployments to mitigate a security issue.
22
Session
Demystifying Artifactory Upgrades
Jyostna Seelam
|
Lead Software Engineer, Capital One
https://sessionize.com/image/135c-400o400o1-7LMPqSvoNQXPiqhMhmpD5r.jpg
Jyostna has been with Capital One for six years. She makes software engineering practices part of building infrastructure and solving operational problems. This way, she can create and manage highly scalable and reliable distributed software systems. She pays close attention to resiliency and user experience.
WED 4:35 PM - 5:15 PM
Wonder Frog
Artifactory's role in enterprises' day-to-day lives is huge and important. Developers are responsible for building and delivering world-class products for the company. Upgrades are important for every product to get the best possible state and to accommodate changes. However, from time to time, Artifactory must work without downtime or degraded performance. This is challenging regarding implementing practices that are already in place. This session will discuss our upgrade process, highlight the best policies we followed, and share the learnings we gained. This is important, because it can help us with future upgrades.
23
Session
Secure Your DevOps Pipeline with New Security Tooling
Tracy Ragan
|
CEO, DeployHub & CDF Board Member
https://sessionize.com/image/6a61-400o400o1-QoXueUS2EHEMPqLuyA8yzB.jpg
Tracy is CEO and Co-Founder of DeployHub. DeployHub is the first microservice management platform designed to facilitate the sharing, relationship mapping, and deployment of microservices. Tracy is an expert in configuration management and pipeline life cycle practices with a hyper-focus on microservices and cloud-native architecture. She served as a board member of the Continuous Delivery Foundation (CDF) and the OpenSSF where she was the elected General Member Representative. Tracy currently serves on the board of the CDF Technology Oversight Committee. Tracy is a recognized evangelist in microservices and the continuous delivery pipeline. She is the creator of the Continuous Delivery Foundation Interactive Landscape, a blog contributor for the CDF, and speaks at many DevOps events such as JFrog SwampUp, CDCon, OpenSSF Days, and CloudBees DevOpsWorld. Tracy is also a host of TechStrong Women TV where she interviews technologists who just happen to be women. Before DeployHub, Tracy was the COO and co-founder of OpenMake Software, a build acceleration and management tool that is the heart of development for over 400 enterprise development teams. She served on the Eclipse Foundation Board as a founding member from 2004 -2007.
WED 4:35 PM - 5:15 PM
Panther Frog
IT teams across the globe have experienced a security awakening. This awakening has resulted in the release of new open-source tools you can use today, from hardening the build process to collecting actionable supply chain intelligence. This presentation will review the new generation of open-source security tools you should consider implementing as part of your security strategy. It'll cover the five phases of the DevOps Pipeline, and the tools needed in each phase to build the basic security guardrails needed across your development to release life cycle.
24
5:20 PM
Session
Why “SBOM” Isn’t a 4-Letter Word
Bill Manning
|
Solutions Engineering Manager, JFrog
https://sessionize.com/image/1c77-400o400o1-hrMo4r2kTsE5Q57KixZXDW.jpg
Bill is a Solutions Engineering Manager with JFrog. He's also a mentor with TechStars (Nike Incubator), Matter, and NestGSV. He has successfully exited three companies and took one public in Australia. He's also currently helping various startups as an advisor. In his spare time, he likes to travel with his wife and two boys. He also plays guitar, loves gadgets, and IOT, lives for the beach, rides skateboards, and is an avid cyclist.
WED 5:20 PM - 6:00 PM
Top Frog
When the White House's cybersecurity executive order from May 2021 was issued, the Software Bill of Materials (SBOM) graduated from being a "nice to have" to a "must-have" when developing and deploying secure software. The SBOM shows which parts make up a software program and how it was assembled. This lets you check for security and compliance problems at every stage and with every component. In this talk, we'll define the SBOM, misconceptions that exist around the SBOM, insights and best practices on SBOM creation and usage, and more.
25
Session
How to Take Prometheus Planet-Scale: Massively Large Scale Metrics Deployments
Vijay Samuel
|
Observability Architect, eBay
https://sessionize.com/image/1351-400o400o1-7Dc1BBPqv5J1KTz87GsK3R.jpg
Vijay works with eBay's observability platform as its architect. During his time at eBay, Vijay has transformed eBay's observability platform into a cloud-native offering that's primarily built on top of open source technologies. He loves to code in Go and play video games.
Sandeep Chatra Raveesh
|
Observability Lead, eBay
https://sessionize.com/image/82ab-400o400o1-hpvSBKAGMH5RSFG9VHiLqa.jpg
Sandeep is a lead software engineer at eBay, specializing in building and maintaining the observability platform.
WED 5:20 PM - 6:00 PM
Wonder Frog
Observability at eBay has been on an exponential growth curve. What was a low 2M/sec ingest rate of time series in 2017 is now roughly 40M/sec with active time series close to three billion. Our current cortex-inspired architecture of Prometheus builds sharding and clustering on top of the Prometheus TSDB.
It's relatively simple to shard/replicate tenants of data in centralized clusters. However, large clusters with growing cardinality become less useful as query latencies degrade considerably. In 2020, Google published a paper on its time-series database Monarch, dubbed a planet-scale TSDB. The paper gave us some useful hints on how we could decentralize our installations and go fully planet scale. We started with a prototype to federate queries to TSDBs from different cities. Now, it lets us deploy our TSDBs anywhere using Kubernetes operators and Prometheus.
This session focuses on the planet-scale architecture of our metrics platform, how GitOps has facilitated absorbing the complexity of massive deployment, and more.
26
Session
Software Composition Analysis with Xray
Lidor Gerstel
|
Senior Devops at Papaya Global
https://sessionize.com/image/ae8e-400o400o1-Qf4iNcCSioAvUDkNCXE2gV.jpg
Lidor is a DevOps team leader and experienced trainer with a demonstrated history of leading CI/CD projects in the industry. He's Skilled in Kubernetes, Docker, AWS, and Jenkins, and is a certified AWS Solution Architect.
WED 5:20 PM - 6:00 PM
Panther Frog
Do you have Software Composition Analysis (SCA)? And if you do, is it mainstream? Or has no one noticed it? I'll answer these questions in my session about SCA, as well as how to detect secrets, and exposures while you're driving your precious CI process.
27
6:00 PM
Closing Remarks & Raffles
WED 6:00 PM - 6:10 PM
The Swamp
