Recapping Yalla! DevOps 2022

Another successful DevOps community event hosted by JFrog, the Liquid Software Company


TL;DR Yalla! DevOps 2022 community event — Learning. Networking. Fun. Driven by the DevOps community. All about the DevOps community.

Yalla! DevOps was back again this year with an exciting lineup of content covering DevOps, DevSecOps, professional development and more. Local speakers from the DevOps community and industry leaders from around the world took the stage, making it one of the best DevOps community events this year.

Keep reading for a recap of Yalla! DevOps 2022.

DevOps Evolved: The demand on today’s developers

Opening the event was Shlomi Ben Haim, JFrog CEO & Co-Founder, who shared significant DevOps industry insights, including how DevOps has matured and become mission critical. Our customers are saying: “If DevOps is down, our business is down.” He also covered additional DevOps market trends: infrastructure is viewed today as a strategic long-term decision, developers want fast end-to-end solutions, and DevOps is continuing to evolve and adopt additional domains such as security and IoT.

DevOps is part of the journey and your growth plan.
Build it, secure it, deploy it.

Shlomi went on to show the transition of industry trends, including how developer skills are now expected to cover the full software supply chain journey, from development through security and all the way to deployment. He also pointed to the rising trend of new tools that enable software developers to secure the organization, and to the next stage in the DevOps journey: deployment on the edge.

Best practices from the DevOps community

This was a special opportunity to unveil the new JFrog Innovation Program with the community. The initiative is focused on early-stage startups and is designed to offer mentoring, design partnerships, and funds for emerging technology.

Yalla! JFrog DevOps Innovation Program

Interviewing the DevOps Community

Alongside the insightful talks and impressive exhibition hall, this year Yalla! DevOps offered attendees the opportunity to share their thoughts and DevOps expertise in live in-person interviews.

We welcomed back Alan Shimel, CEO of Techstrong, who interviewed DevOps professionals attending the conference throughout the day. Watch on DevOps.com >

DevOps Speakeasy, hosted by Batel Zohar, JFrog Developer Advocate, also featured live interviews throughout the day. Watch on DevOps Speakeasy >


Talk highlights 🎬✨

Here are just a few of the amazing talks we had at Yalla! DevOps!

The Battle of Policies: OPA’s Rego vs. JSON Schema

Noaa Barki, Developer Advocate at Datree, took us through her research journey of comparing OPA’s Rego and JSON Schema as she and her team chose which one to use for their project. She covered the differences, benefits, usage with Kubernetes, integration into CI/CD pipelines and more. Her research summary outlines: 1. The learning curve; 2. Syntax; 3. Collaboration; 4. Maintenance & Debugging; 5. CI/CD Integration; and 6. Maturity.

Conquering “CVE Shock” – Restoring Faith in Security Scanning

The two main reasons we use CVE and vulnerability scanners are that compliance regulations and our CISOs require it. Rotem Refael, Director Of Engineering at ARMO, explains the real reason why we need CVE and vulnerability scanners: we really want to know what vulnerabilities are hiding within our deployments. In her talk, she shares how to take the large number of vulnerabilities found by security scanners and narrow them down to only those that are actually relevant. She was able to identify relevancy and what’s really in use at runtime.

What Product Security Really Means – From Theory to Practice

Aviram Shmueli, CPO & Co-Founder at Jit, gave an overview of the Minimal Viable Security (MVS) mindset that should be part of all products. He focused his talk on how to implement a subset of the MVS, including: dependency check, secret detection, container scanning, app runtime scanning, infra-as-code scanning, and cloud runtime scanning. He walked through which tools are right for which job, and good ways to automate security from your very first line of code.

Living on the Edge: The Future of IoT Computing is Here

The number of devices in the world is rapidly growing and computing is moving to the edge. This panel of experts, led by Alan Shimel, discussed the significance of bringing DevOps practices into the world of IoT and edge devices as new standards. The discussion included the different challenges of securing the software on edge devices, and drawing inspiration from advanced techniques such as preventing zero-day vulnerabilities.

Or Sahar, a senior security researcher at F5, offered her advice to all future developers: “we need to teach them security awareness from the first line of their code. It’s extremely important to help developers think about security…to think like a hacker.”

Natali Tshuva, Sternum CEO and Co-Founder, continued to highlight that “when you talk about on-device security, you actually talk about developer security, because CISOs don’t have access, you have access.” “The key is developers, because as you build your software, this is where you can deploy solutions that protect your software in real-time — and go through scanning, to prevention, to remediation, to real-time analytics, and the time to embed these kinds of things is while you develop and update your devices.”

Fred Simon, JFrog Chief Data Scientist and Co-Founder, stressed the importance of being able to update devices and the potential dangers of not having this ability. This is one of the main barriers that we are facing in IoT security. On bringing this change to the IoT world, he said: “the only way to get value from our device, to secure our device, and to really change and bring so many billion devices is to continuously update them, and not be afraid of updating them. It needs to be part of how we think and what we do.”

The Continuous Software Supply Chain: From Dev to Device

Yalla! DevOps brought together our leading experts, who demonstrated the IoT vision becoming a reality.

IoT is Everywhere

Amit Ezer, JFrog Connect Group Lead, presented the 4 daily challenges of working with IoT Devices.

  1. Public IP: One of the most challenging things with IoT devices is that they don’t have a public IP. Most IoT devices are remote and cannot be accessed directly.
  2. Backups: There’s one local storage, no virtual storage.
  3. Redundancy: There’s no room for any errors.
  4. Stable power or network: Most devices run on wifi.

He continued with a demo showing how to solve these challenges using DevOps tools for IoT. Learn more about JFrog Connect, the first end-to-end platform for connected devices.

Demo: Complete end-to-end software update flow for IoT devices

Product security – Serving security in DevOps

Nati Davidi, SVP JFrog Security, brought his security expertise, focusing on software supply chain security threats. He expanded on how DevOps is becoming the security pivot of organizations, and how modern attacks leverage the software supply chain to serve production attacks. He described the two motivations behind software supply chain attacks:

  1. The data: where the attacker gains knowledge via the supply chain.
  2. The action: where the attacker plans malicious activity via the supply chain.

What are software supply chain attacks

Pyrsia open-source: community project for securing your software binaries

Closing this keynote with an amazing community initiative were Baruch Sadogursky, JFrog Principal Developer Advocate, and Fred Simon, JFrog Chief Data Scientist and Co-Founder. The initiative brings the community together to build trust in open source software dependencies. Pyrsia is a decentralized package network, which is reliable, secure and always open. It creates a full network for all developers and organizations participating in this OSS community.

Joining Baruch and Fred was Justin Cormack, Docker CTO, who talked about the importance of Pyrsia being part of the community, solving software supply chain security challenges. “It’s really brought the community together to work together on solving new problems.”

Download the Pyrsia command line interface >



These are just a few of the amazing sessions that took place. Check out all the sessions and lightning talks available now on-demand. Thanks to everyone who made Yalla! DevOps a success.

See you next year!