Global AppSec Amsterdam

Modern security practices require extensive testing using a multitude of tools. Moreover, orchestrating and executing them in a traditional CI/CD environment doesn’t scale easily. Additionally, adopting the push-left ideology, enabling developers to run pipelines on demand places a bottleneck when using a traditional CI/CD solution. While modern CI/CD servers usually provide some ability to orchestrate a kubernetes cluster which could mitigate this load, the orchestration is usually a transparent frontend to loading K8s manifests. This talk introduces Dracon, an open source tool providing a pluggable and flexible way of running producer/consumer pipelines natively on Kubernetes. We will provide use cases, architecture details and demos along with links to documentation on how to integrate new tools.