Menu
AGENDA
SwampUP 2023 is a full day dedicated to your DevOps and DevSecOps Journey.
Many topics to choose from, including Cloud Native, DevSecOps, Enterprise DevOps, and Digital Transformation.
Click on the filter to select the topic(s) you are interested in.
September 13, 2023
1
7:30 AM
Registration
WED 7:30 AM - 1:30 PM
The Swamp
2
8:45 AM
Keynote
The Next-Gen Software Supply Chain
Shlomi Ben Haim
|
CEO & Co-founder, JFrog
https://sessionize.com/image/09f4-400o400o2-VTfsc8y312g9sYjdNZWt6t.jpg
Shlomi is CEO and co-founder of JFrog, creators of the universal DevOps platform. He brings over 20 years of experience in building profitable, high-growth information technology companies. Prior to JFrog, Shlomi was the CEO of AlphaCSP (acquired in 2005 by MalamTeam) and was a Major in the Israeli Air Force. Shlomi holds an MS from Clark University (Massachusetts) and a BA from Ben-Gurion University (Israel).
WED 8:45 AM - 9:00 AM
Top Frog
The evolution from DevOps and CI/CD to cloud-native technologies, microservices architecture, security and governance - and now all the way to automation and Artificial Intelligence - requires a new generation of SSC management that aims to deliver software faster, with higher quality, enhanced security, and improved customer experiences. In this session, we’ll share insights from over 7,000 JFrog customers, and what the F100 list tells us about where the software supply chain is headed. Get Ready for Next!
3
9:00 AM
Keynote
Incorporating Every Element - SSC as a Platform
Yoav Landman
|
CTO & Co-founder, JFrog
https://sessionize.com/image/0eb8-400o400o2-SHHWyQhAZFcktMrNnSjktP.jpg
Yoav is a devout engineer, the creator of Artifactory, and a Co-founder and Chief Technology Officer of JFrog. With over 20 years of experience as a Software Architect of enterprise applications, he plays a significant role in the evolution of DevOps. In 2006, Yoav created Artifactory as an open source project paving the way for the software community to a new domain of managing binaries. Prior to JFrog, Yoav created many production solutions as a consultant in the fields of Continuous Integration and Distributed Systems. He is also an accredited speaker and a Java Rockstar.
WED 9:00 AM - 9:25 AM
Top Frog
Managing and securing the software supply chain end-to-end is one of the most difficult challenges facing DevOps and DevSecOps teams today. As developers continue to push all boundaries on the left and right side of the software release cycle, enterprise focus remains on binaries, and their movement through the pipeline automatically and securely. See how an integrated, consistent platform approach is the only way to solve next-gen supply chain challenges!
4
9:25 AM
Keynote
Game On: How DevOps Leveled Up Riot Games
Keith Humphreys
|
Senior Engineering Manager, Riot Games
https://sessionize.com/image/1ea1-400o400o2-nTewdmiAdKebtNo8dLqrpV.jpg
Keith Humphreys is a Senior Engineering Manager at Riot Games. He has spent 20 years working in network engineering for service providers in Europe, and Riot Direct more recently.
Michael Biggs
|
Tech Lead, Riot Games
https://sessionize.com/image/1df8-400o400o2-sxs7oqWkMQL7F6cDt54vUU.jpeg
Michael Biggs is a Tech Lead in the Riot Systems Engineering Team. Michael has been involved in technology including IT, engineering, and networking since the late 90's. Prior to Riot Games, Michael ran a global engineering team at the Walt Disney company where he worked for almost 20+ years.
WED 9:25 AM - 9:55 AM
Top Frog
As one of the leaders in the gaming and esports industry, it takes a lot of work to evolve ideas into full masterpieces for consumers to enjoy. From creating a centralized repository to shifting to the cloud, Riot Games is driving their ongoing technological evolution. Come listen to Keith Humphreys, Senior Engineering Manager, and Michael Biggs, Tech Lead Systems Engineering, talk through how Riot Games leverages their DevOps strategy to remove technical barriers so developers can move faster.
5
9:55 AM
Keynote
Release Fast (and Secure) or Die!
Yossi Shaul
|
SVP of R&D, JFrog
https://sessionize.com/image/4c9c-400o400o2-nP62dGfmkbbN2uQJKUSGpf.jpeg
Yossi joined JFrog in 2010 as the Development Manger and has risen over the years to Senior Vice President of R&D. He has vast hands-on Java experience and Artifactory development, knowledge, and practice. Previously, Yossi worked at AlphaCSP and has been involved in numerous projects for various small and large clients such as Viola Networks, NITE, IDI, Cisco, and others. Yossi leads development teams and has gained experience with enterprise-scale applications, build technologies, software engineering, and agile methodologies, and is an active committer in several open-source projects.
Gali Zisman
|
VP of Product, JFrog
https://sessionize.com/image/d3c4-400o400o2-ExPaX4xVzaAXWbYDwLTrnh.png
WED 9:55 AM - 10:35 AM
Top Frog
Repetitive tasks are the antithesis of speed. The only way to deliver software rapidly, securely and with quality is to automate software packages across the software supply chain to drive enhanced testing, improve decision-making, eliminate bottlenecks and holistically manage your software resources. Join us to explore JFrog’s new release-first approach, including exclusive swampUP announcements, first-time demonstrations & key product advancements!
6
10:35 AM
Coffee Break
WED 10:35 AM - 10:55 AM
The Swamp
7
10:55 AM
Keynote
DevSecOps Point Solutions - What's the Point?
Asaf Karas
|
CTO Security, JFrog
https://sessionize.com/image/f438-400o400o2-pKr2UJ5A29vGEiniNr1Jok.jpg
Asaf is Chief Technology Officer for JFrog Security. A seasoned security expert, Karas has extensive experience in reverse engineering, device debugging, network forensics, malware analysis, big data, and anomaly detection. Prior to JFrog, Karas served as CTO of Vdoo, which delivered an integrated security platform designed for connected, IoT, and embedded devices. Vdoo was acquired by JFrog in June 2021. Karas also spent several years working with international military organizations. Asaf spent almost 15 years leading security research at the Israeli Defense Forces, where he served as branch leader for over 100 cyber specialists.
Eyal Dyment
|
JFrog VP of Product
https://sessionize.com/image/f56d-400o400o2-NpLD4bpJw7BH3ydso4TWSH.jpg
WED 10:55 AM - 11:35 AM
Top Frog
Developers are now the target of the attacker, with binaries available publicly. While it's unlikely that the concept of security point solutions will completely disappear, it’s clear that the market is demanding a consolidated, comprehensive approach to pipeline security across the attack surface. With the increasing complexity of software supply chains, security and governance are becoming critical on developer’s machines, at the C-level and in boardrooms. Next-gen software supply chain solutions must incorporate robust, holistic security or risk being the next tool to be consolidated. See brand-new demonstrations of the DevOps-centric approach to security that will drive the pipelines of tomorrow.
8
11:20 AM
Coffee Break
WED 11:20 AM - 11:35 AM
The Swamp
9
11:35 AM
Keynote
Securing a World of Physically Capable Computers
Bruce Schneier
|
Chief of Security Architecture, inrupt
https://sessionize.com/image/b7bf-400o400o2-GLu7TAiZKnHfHisQowKwB1.jpg
Bruce is an internationally renowned security technologist, called a security guru by the Economist. He is the New York Times best-selling author of 14 books -- including Click Here to Kill Everybody -- as well as hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and blog Schneier on Security are read by over 250,000 people. Schneier is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University;
a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org.
"We are stretching authentication and web security protocols in ways that have never been done before and using them in ways that haven’t been considered yet. This isn’t just people authentication but machine authentication.”
WED 11:35 AM - 12:15 PM
Top Frog
Computer security is no longer about data; it’s now about life and property. This change makes an enormous difference, and will shake up our industry in many ways. First, data authentication and integrity will become more important than confidentiality. Second, our largely regulation-free Internet will become a thing of the past. Soon we will no longer have a choice between government regulation and no government regulation. Our choice will be between “smart” government regulation and “stupid” government regulation. Given this likely future, it’s vital that we look back at what we’ve learned from past attempts to secure these systems, and forward at what technologies, laws, regulations, economic incentives, and social norms we need to secure them in the future.
10
12:15 PM
Lunch
WED 12:15 PM - 1:15 PM
The Swamp
11
1:15 PM
Session
Migrating to the Cloud at Scale - Fidelity Did It, So Can You
Gerard McMahon
|
Head of ALM Tools and Platforms, Fidelity Investments
https://sessionize.com/image/bfb1-400o400o2-LMhEwbbuXA7AUZCrWkPpVa.jpeg
Gerard McMahon is a VP of Architecture and currently “Head of ECC ALM Tools and Platforms”, whose mission is to provide an open and flexible Software Delivery Platform to increase the velocity of developers for delivery of business value with confidence at scale.
I am a strong advocate of Software Delivery Excellence and incorporating the principles of agility, engineering and operational excellence for building high performing teams and enabling a DevOps culture. I am passionate about enabling connection and collaboration across the tools and services in the Software Delivery ecosystem to break down silo’s and create data driven insights for innovation and continuous learning in accelerating the delivery of high quality business value.
WED 1:15 PM - 1:55 PM
Top Frog
More details coming soon!
Join Ger McMahon of Fidelity as he explores best practices, lessons learned and tips for moving forward with your DevOps cloud initiatives based on years of platform engineering and DevOps service experience at one of the world's leading institutions.
12
Session
The Broken Promises of DevSecOps
Jonathan Sar Shalom
|
Director of Threat Research, JFrog
https://sessionize.com/image/899d-400o400o2-cTNqrPYNTTbA5EXK5yVqB.jpeg
Jonathan is the Director of Threat Research at JFrog Security. Jonathan’s background includes more than 14 years in cyber security, with experience in security research, reverse engineering, and malware analysis. He currently leads the Threat Research team in JFrog Security, specializing in vulnerabilities analysis, threat intelligence research, and automated threats detection.
WED 1:15 PM - 1:55 PM
WonderFrog
Adding “Sec” in the middle of DevOps was supposed to make security easy, right? Then came the issues: when you don’t know what to fix, you fix everything - and you know it’s a huge waste of time. You didn’t know what the best path fix it all was, so you patched everything, and broke all the downstream builds. That wasn't the promise. DevSecOps tools are supposed to be smarter for development teams, cover more of the attack surface and make everything simple to use. Is that too much to ask? Not anymore! Join JFrog to see how a DevOps-centric approach to pipeline security makes “Sec” practical for “Dev,” delivers better data, more actionable insight, and more importantly, gets teams back to safely coding fast!
13
Session
Supply Chain Robots, Electric Sheep, and SLSA
Brett Smith
|
Software Architect, SAS
https://sessionize.com/image/afc6-400o400o2-Tj1tt8x3hnnUNuUi2UeFMJ.jpg
Software Architect/Engineer/Developer with 20+ years of experience.
Specialties: Automation, Continuous Integration/Delivery/Testing/Deployment Pipelines
Expertise: Linux, packaging, and tool design.
WED 1:15 PM - 1:55 PM
WakandaFrog
In this session, I'll cover creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and how the SLSA spec helps implement solutions for each.
The main takeaway is that security needs to be applied everywhere in the pipeline. The talk will lead to a greater discussion around the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.
14
2:00 PM
Session
Hackers Know What You Have Running In Production. Do You?
Melissa McKay
|
Developer Advocate, JFrog
https://sessionize.com/image/1c1d-400o400o2-B5NA5187XjfNpZP8cCBpfr.jpg
Melissa's background and experience as a software engineer spans a slew of technologies and tools used in the development and operation of enterprise products and services. She is a mom, software engineer, Java geek, huge fan of UNconferences, and is always on the lookout for ways to grow and learn. She has spoken at CodeOne, Java Dev Day Mexico and is part of the JCrete and JAlba UNconference teams. She is currently a Developer Advocate for JFrog, Inc.
WED 2:00 PM - 2:40 PM
Top Frog
Over 80 percent of code used in enterprise applications comes from open source dependencies, but how much attention goes towards the provenance and security of those packages? And in the pursuit of accelerated software development, developers are leveraging more and more libraries, so how do you prevent defects or malicious payloads from compromising the security of your production applications?
Securing the software supply chain is a huge undertaking for the entire tech industry. As an example of how to address production security issues, we'll explore a practical use case of applying blue/green deployments to mitigate a security issue.
15
Session
DevOps at Netflix
Tejas Chopra
|
Senior Software Engineer, Netflix
https://sessionize.com/image/c6a7-400o400o2-NL4BWWTNSwV2YY7sZEzLS8.jpeg
Tejas is a Senior Software Engineer, working in the Data Storage Platform team at Netflix. He's responsible for architecting storage solutions to support Netflix Studios and Netflix Streaming Platform. Before Netflix, Tejas was working on designing and implementing the storage infrastructure at Box, Inc. to support a cloud content management platform that scales to petabytes of storage & millions of users. Tejas has worked on distributed file systems & backend architectures, both in on-premise and cloud environments as part of several startups in his career. Tejas is an International Keynote Speaker and periodically conducts seminars on Micro services, NFTs, software development, and cloud computing. He has an MA in Electrical and Computer Engineering from Carnegie Mellon University, with a specialization in Computer Systems.
WED 2:00 PM - 2:40 PM
WonderFrog
Netflix is a global leader in video streaming and has always been known in the valley for its culture document, a seminal work in setting the context for culture. In this session, I'll shed light on how Netflix thinks about DevOps, and how our culture permeates our thoughts on Agile practices, DevOps, and development. It'll be a great way to get a glimpse of how loosely-coupled and highly-aligned Netflix is, and participants will learn how they can apply some parts of our culture to their organizations.
16
Session
Developers Care About Artifacts: Let's Bring Them Forward
Ant(on) Weiss
|
Founder & CEO, Otomato
https://sessionize.com/image/ea10-400o400o2-RH6X9beKyqCS4cCLsyDSwN.jpg
Anton has spent 15 years in tech, marketing, and leadership roles in software delivery optimization and technical and executive training. He's an expert in DevOps, lean, systems thinking, continuous delivery, cloud-native, and decentralized systems. Anton is a coder, speaker, and writer. He's Fixated on enhancing the ways humans collaborate by telling mind-provoking stories.
WED 2:00 PM - 2:40 PM
WakandaFrog
IDPs (Internal Developer Portals) are all the rave now. Backstage is the CNCF project allowing organizations to build their own IDP. In this talk I'll describe the value of an internal dev portal, present Backstage, and the JFrog integration for Backstage that we're building for our customers.
17
2:40 PM
Coffee Break
WED 2:40 PM - 3:00 PM
The Swamp
18
3:35 PM
Session
Shifting Further Left Than Left
Ix-chel Ruiz
|
Senior Software Developer & DA, JFrog
https://sessionize.com/image/60ad-400o400o2-LXLFXbyKvpMJgXnv7nstZd.jpg
Ix-chel has been developing software applications and tools since 2000. Her research interests include Java, dynamic languages, client-side technologies, and testing. She is a Java Champion, CDF Ambassador, hackergarten enthusiast, Open Source advocate, public speaker, and mentor.
WED 3:35 PM - 4:15 PM
Top Frog
The world is abuzz with “shifting left” to bring security processes earlier in the cycle for development teams. But what about the code, packages and components developers bring into an organization before they even touch the keyboard to create their software? No, this isn’t a session about how OSS is too risky to use. Join JFrog to see how the concept of software curation is gaining steam across the enterprise, and how developers can embrace the packages and libraries they need to use to move fast, all while keeping the security boogeymen at bay with the just-right amount of automated governance.
19
Session
Interoperability and The Problem that Open Source is Working to Solve
Fatih Degirmenci
|
Executive Director, Continuous Delivery Foundation
https://sessionize.com/image/17f1-400o400o2-f06d1c09-16cc-42d4-b92b-c7a6d68ce214.jpg
Fatih works at the Linux Foundation, leading the CD Foundation initiatives. He specialises in automation, infrastructure, CI/CD, and DevOps.
Before the Linux Foundation, Fatih was involved in several CI/CD initiatives at Ericsson and open source. He served in the OPNFV Technical Steering Committee and in the CDF Technical Oversight Committee. He created the OPNFV XCI project and was the co-founder of the OpenCI Initiative.
Prior to Ericsson, Fatih worked for Havelsan and its customers including BOEING and BAE Systems.
WED 3:35 PM - 4:15 PM
WonderFrog
More details coming soon!
20
Session
The Operationalism of DevSecOps
John Willis
|
Bad people eat good systems for breakfast.
https://sessionize.com/image/808c-400o400o2-X3vnmwdRBggmkqXqVjfg8a.png
John Willis is Senior Director of the Global Transformation Office at Red Hat Prior to Red Hat,
he was the Director of Ecosystem Development for Docker, which he joined after the company
he co-founded (SocketPlane, which focused on SDN for containers) was acquired by Docker in
February 2015. Previous to founding SocketPlane in Fall 2014, John was the Chief DevOps
An Evangelist at Dell, which he joined following the Enstratius acquisition in May 2013. He has also
held past executive roles at Chef and Canonical. John was one of the earliest cloud evangelists
and is considered one of the founders of the Devops movement. John is the author of 7 IBM
Redbooks. He is also the co-author of the “Devops Handbook” and “Beyond the Phoenix
Project” along with author Gene Kim.
WED 3:35 PM - 4:15 PM
WakandaFrog
Operationalism is a cornerstone of operations management, and is based on the intuition that we do not know the meaning of a concept unless we have a method of measurement for it.
Percy Williams Bridgman coined "operationalism" in his book The Logic of Physics (1927). Bridgman's work, specifically around an operational definition, heavily influenced W. Edward Deming's work. In Dr. Deming's "New Economics," he said: "An operational definition is a procedure agreed upon for translation of a concept into a measurement of some kind."
I'll discuss Dr. Deming's work in this presentation, and explain how he would have viewed standard DevSecOps metrics.
21
4:20 PM
Session
Security Metrics: The Good, The Bad and The Ugly
Ix-chel Ruiz
|
Senior Software Developer & DA, JFrog
https://sessionize.com/image/60ad-400o400o2-LXLFXbyKvpMJgXnv7nstZd.jpg
Ix-chel has been developing software applications and tools since 2000. Her research interests include Java, dynamic languages, client-side technologies, and testing. She is a Java Champion, CDF Ambassador, hackergarten enthusiast, Open Source advocate, public speaker, and mentor.
Shachar Menashe
|
Sr. Director Security Research, JFrog
https://sessionize.com/image/fa74-400o400o2-BBDSnPuTqyKWXMHiUrqARJ.PNG
Shachar is the Senior Director of Security Research at JFrog. With over 10 years of experience in security research, including low-level R&D, reverse engineering and vulnerability research, Shachar is responsible for leading a team of researchers in discovering and analyzing emerging security vulnerabilities and malicious packages. He joined JFrog through the Vdoo acquisition in June 2021, where he served as vice president of security. Before joining Vdoo, Shachar worked as a team leader at boutique research company NorthBit which was acquired by AR giant Magic Leap. He was then put in charge of Magic Leap's low-level OS security team, where he continued specializing in areas such as Linux & Android security architecture, implementing custom kernel and bootloader mitigations, and securing development lifecycle processes. This led to a successful release of Magic Leap's OS which has remained unhacked to this day. Shachar holds a B. Sc in Electronics Engineering and Computer Science from Tel-Aviv University.
WED 4:20 PM - 5:00 PM
Top Frog
There are a number of metrics that can be used to get a better understanding of the vulnerabilities that may be present in software. There is the Common Weakness Scoring System (CWSS), the Exploitability Index (EI), and the National Vulnerability Database (NVD) which includes the Common Vulnerability Enumeration (CVE). With all of the metrics how do you determine what vulnerabilities exist in your software?
In this session, we will explain some of the most used metrics in security and walk through real-world CVE examples, highlighting instances and entire categories where CVSSv3.1 falls short of providing an accurate score, both due to its design and its various flaws. The session will also cover specific indicators in the CVE description that can increase the confidence in a CVSS rating, and vice versa.
22
Session
Demystifying Artifactory Upgrades
Jyostna Seelam
|
Lead Software Engineer, Capital One
https://sessionize.com/image/2722-400o400o2-7LMPqSvoNQXPiqhMhmpD5r.jpg
Jyostna has been with Capital One for six years. She makes software engineering practices part of building infrastructure and solving operational problems. This way, she can create and manage highly scalable and reliable distributed software systems. She pays close attention to resiliency and user experience.
WED 4:20 PM - 5:00 PM
WonderFrog
Artifactory's role in enterprises' day-to-day lives is huge and important. Developers are responsible for building and delivering world-class products for the company. Upgrades are important for every product to get the best possible state and to accommodate changes. However, from time to time, Artifactory must work without downtime or degraded performance. This is challenging regarding implementing practices that are already in place. This session will discuss our upgrade process, highlight the best policies we followed, and share the learnings we gained. This is important, because it can help us with future upgrades.
23
Session
Secure Your DevOps Pipeline with New Security Tooling
Tracy Ragan
|
CEO, DeployHub & CDF Board Member
https://sessionize.com/image/2365-400o400o2-QoXueUS2EHEMPqLuyA8yzB.jpg
Tracy is CEO and Co-Founder of DeployHub. DeployHub is the first microservice management platform designed to facilitate the sharing, relationship mapping, and deployment of microservices. Tracy is an expert in configuration management and pipeline life cycle practices with a hyper-focus on microservices and cloud-native architecture. She served as a board member of the Continuous Delivery Foundation (CDF) and the OpenSSF where she was the elected General Member Representative. Tracy currently serves on the board of the CDF Technology Oversight Committee. Tracy is a recognized evangelist in microservices and the continuous delivery pipeline. She is the creator of the Continuous Delivery Foundation Interactive Landscape, a blog contributor for the CDF, and speaks at many DevOps events such as JFrog SwampUp, CDCon, OpenSSF Days, and CloudBees DevOpsWorld. Tracy is also a host of TechStrong Women TV where she interviews technologists who just happen to be women. Before DeployHub, Tracy was the COO and co-founder of OpenMake Software, a build acceleration and management tool that is the heart of development for over 400 enterprise development teams. She served on the Eclipse Foundation Board as a founding member from 2004 -2007.
WED 4:20 PM - 5:00 PM
WakandaFrog
IT teams across the globe have experienced a security awakening. This awakening has resulted in the release of new open-source tools you can use today, from hardening the build process to collecting actionable supply chain intelligence. This presentation will review the new generation of open-source security tools you should consider implementing as part of your security strategy. It'll cover the five phases of the DevOps Pipeline, and the tools needed in each phase to build the basic security guardrails needed across your development to release life cycle.
24
5:05 PM
Session
Why “SBOM” Isn’t a 4-Letter Word
Bill Manning
|
Solutions Engineering Manager, JFrog
https://sessionize.com/image/9425-400o400o2-hrMo4r2kTsE5Q57KixZXDW.jpg
Bill is a Solutions Engineering Manager with JFrog. He's also a mentor with TechStars (Nike Incubator), Matter, and NestGSV. He has successfully exited three companies and took one public in Australia. He's also currently helping various startups as an advisor. In his spare time, he likes to travel with his wife and two boys. He also plays guitar, loves gadgets, and IOT, lives for the beach, rides skateboards, and is an avid cyclist.
WED 5:05 PM - 5:45 PM
Top Frog
When the White House's cybersecurity executive order from May 2021 was issued, the Software Bill of Materials (SBOM) graduated from being a "nice to have" to a "must-have" when developing and deploying secure software. The SBOM shows which parts make up a software program and how it was assembled. This lets you check for security and compliance problems at every stage and with every component. In this talk, we'll define the SBOM, misconceptions that exist around the SBOM, insights and best practices on SBOM creation and usage, and more.
25
Session
How to Take Prometheus Planet-Scale: Massively Large Scale Metrics Deployments
Vijay Samuel
|
Observability Architect, eBay
https://sessionize.com/image/1c81-400o400o2-7Dc1BBPqv5J1KTz87GsK3R.jpg
Vijay works with eBay's observability platform as its architect. During his time at eBay, Vijay has transformed eBay's observability platform into a cloud-native offering that's primarily built on top of open source technologies. He loves to code in Go and play video games.
Sandeep Chatra Raveesh
|
Observability Lead, eBay
https://sessionize.com/image/4c30-400o400o2-hpvSBKAGMH5RSFG9VHiLqa.jpg
Sandeep is a lead software engineer at eBay, specializing in building and maintaining the observability platform.
WED 5:05 PM - 5:45 PM
WonderFrog
Observability at eBay has been on an exponential growth curve. What was a low 2M/sec ingest rate of time series in 2017 is now roughly 40M/sec with active time series close to three billion. Our current cortex-inspired architecture of Prometheus builds sharding and clustering on top of the Prometheus TSDB.
It's relatively simple to shard/replicate tenants of data in centralized clusters. However, large clusters with growing cardinality become less useful as query latencies degrade considerably. In 2020, Google published a paper on its time-series database Monarch, dubbed a planet-scale TSDB. The paper gave us some useful hints on how we could decentralize our installations and go fully planet scale. We started with a prototype to federate queries to TSDBs from different cities. Now, it lets us deploy our TSDBs anywhere using Kubernetes operators and Prometheus.
This session focuses on the planet-scale architecture of our metrics platform, how GitOps has facilitated absorbing the complexity of massive deployment, and more.
26
Session
Software Composition Analysis with Xray
Lidor Gerstel
|
DevOps Trainer, iNT college - Institute of Innovation & Technology
https://sessionize.com/image/53d2-400o400o2-Qf4iNcCSioAvUDkNCXE2gV.jpg
Lidor is a DevOps team leader and experienced trainer with a demonstrated history of leading CI/CD projects in the industry. He's Skilled in Kubernetes, Docker, AWS, and Jenkins, and is a certified AWS Solution Architect.
WED 5:05 PM - 5:45 PM
WakandaFrog
Do you have Software Composition Analysis (SCA)? And if you do, is it mainstream? Or has no one noticed it? I'll answer these questions in my session about SCA, as well as how to detect secrets, and exposures while you're driving your precious CI process.
27
5:45 PM
Closing Remarks & Raffles
WED 5:45 PM - 5:55 PM
The Swamp
