TL;DR Yalla! DevOps 2022 community event — Learning. Networking. Fun. Driven by the DevOps community. All about the DevOps community.
Yalla! DevOps was back again this year with an exciting lineup of content ranging from DevOps, DevSecOps, professional development and more. Local speakers from the DevOps community and industry leaders from around the world took the stage making it one of the best DevOps community events this year.
Keep reading for a recap of Yalla! DevOps 2022.
DevOps Evolved: The demand on today’s developers
Opening the event was Shlomi Ben Haim, JFrog CEO & Co-Founder, providing significant DevOps industry insights, including how DevOps has matured and is mission critical. Our customers are saying: “If DevOps is down, our business is down.” As well as additional DevOps market trends, such as how infrastructure is viewed today as a strategic long-term decision, developers want fast end-to-end solutions, and how DevOps is continuing to evolve and adopt additional domains such as security and IoT.
DevOps is part of the journey and your growth plan.
Build it, secure it, deploy it.
Shlomi continued to show the transition of industry trends, including how developer skills are expected to cover the full software supply chain journey. From development, security and all the way to deployment. As well as the rising trend of new tools now available to enable software developers to secure the organization, and the next stage in the DevOps journey which is deployment on the edge.
Best practices from the DevOps community
This was a special opportunity with the community to unveil the new JFrog Innovation Program. An initiative focused on early-stage startups that is designed to offer mentoring, design partnerships, and funds for emerging technology.
Yalla! JFrog DevOps Innovation Program
Interviewing the DevOps Community
Alongside the insightful talks and impressive exhibition hall, this year Yalla DevOps offered attendees the opportunity to provide their thoughts and DevOps expertise with live in-person interviews.
Welcoming back Alan Shimel, CEO of Techstrong, who interviewed DevOps professionals attending the conference throughout the day.Watch on DevOps.com >
DevOps Speakeasy, hosted by Batel Zohar, JFrog Developer Advocate, also featured live interviews throughout the day.Watch on DevOps Speakeasy >
Talk highlights 🎬✨
Here are just a few of the amazing talks we had at Yalla! DevOps!
The Battle of Policies: OPA’s Rego vs. JSON Schema
Conquering “CVE Shock” – Restoring Faith in Security Scanning
What Product Security Really Means – From Theory to Practice
Living on the Edge: The Future of IoT Computing is Here
The number of devices in the world is rapidly growing and computing is moving to the edge. This panel of experts, led by Alan Shimel, discussed the significance of bringing DevOps practices into the world of IoT and edge devices, as new standards. Including the different challenges of securing the software on edge devices, and getting inspired from advanced techniques such as preventing zero-day vulnerabilities.
Happening now on stage at #Yalla2022, @TechstrongTV‘s host, Alan Shimel (@ashimmy), interviews industry luminaries including JFrog co-founder and Chief #datascientist, Fred Simon, on the next big thing in #IoT and connected devices.#DevOps #Developers #DeveloperCommunity pic.twitter.com/BvGZuHkBMT
— JFrog (@jfrog) July 18, 2022
As a senior security researcher, Or Sahar at F5, offered her advice to all future developers that “we need to teach them security awareness from the first line of their code. It’s extremely important to help developers think about security…to think like a hacker.”
Natali Tshuva, Sternum CEO and Co-Founder, continued to highlight that “when you talk about on-device security, you actually talk about developer security, because CISO’s don’t have access, you have access.” “The key is developers, because as you build your software, this is where you can deploy solutions that protect your software in real-time — and go through scanning, to prevention, to remediation, to real-time analytics, and the time to embed these kinds of things is while you develop and update your devices.”
Fred Simon, JFrog Chief Data Scientist and Co-Founder, stressed the importance of being able to update devices and the potential dangers of not having this ability. This is one of the main barriers that we are facing in IoT security. Bringing the change to the IoT world, “the only way to get value from our device, to secure our device, and to really change and bring so many billion devices is to continuously update them, and not be afraid of updating them. It needs to be part of how we think and what we do.”
The Continuous Software Supply Chain: From Dev to Device
Yalla! DevOps brought together our leading experts that demonstrated the IoT vision becoming a reality.
IoT is Everywhere
Amit Ezer, JFrog Connect Group Lead, presented the 4 daily challenges of working with IoT Devices.
- Public IP: One of the most challenging things with IoT devices is that they don’t have a public IP. Most IoT devices are remote and cannot be accessed directly.
- Backups: There’s one local storage, no virtual storage.
- Redundancy: There’s no room for any errors.
- Stable power or network: Most devices run on wifi.
He continued with a demo showing how to solve these challenges using DevOps tools for IoT. Learn more about JFrog Connect, the first end-to-end platform for connected devices.
Demo: Complete end-to-end software update flow for IoT devices
Product security – Serving security in DevOps
Nati Davidi, SVP JFrog Security, brought his security expertise, focusing on software supply chain security threats. Expanding on how DevOps is becoming the security pivot of organizations, and modern attacks leverage the software supply chain to serve production attacks. He described the two motivations behind software supply chain attacks:
- The data: where the attacker gains knowledge via the supply chain.
- The action: where the attacker plans malicious activity via the supply chain.
What are software supply chain attacks
Pyrsia open-source: community project for securing your software binaries
Closing this keynote with an amazing community initiative were Baruch Sadogursky, JFrog Principle Developer Advocate and Fred Simon, JFrog Chief Data Scientist and Co-Founder. Bringing the community together to build trust in open source software dependencies. Pyrsia is a decentralized package network, which is reliable, secure and always open. It creates a full network for all developers and organizations participating in this OSS community.
Joining Baruch and Fred was Justin Cormack, Docker CTO, who talked about the importance of Pyrsia being part of the community, solving software supply chain security challenges. “It’s really brought the community together to work together on solving new problems.”
Pyrsia Decentralized Package Network