IEEE Independent Researcher / IEEE Senior Member, Atlanta, USA
Title of the Talk:
Securing the Enterprise CI/CD Pipeline: From Development to Deployment
Abstract of Talk:
As enterprises accelerate software delivery through CI/CD pipelines, proactive security measures are essential to prevent vulnerabilities from reaching production. This session examines how organizations implement comprehensive, multi-layered security practices throughout the software delivery lifecycle. Topics include static and dynamic application security testing (SAST/DAST) with tools such as Checkmarx, code quality and vulnerability scanning with SonarQube, and open-source dependency and license management through Nexus IQ/OSS scanning. The talk also covers container image scanning, artifact integrity checks, and compliance validation to protect cloud-native and microservices-based environments. By embedding these controls into automated CI/CD workflows, teams can identify and remediate risks early, enforce policy-driven approvals, and maintain regulatory compliance, all without slowing down delivery. Participants will leave with practical strategies to build secure, resilient pipelines that safeguard both code and production systems.
