GitOPS: View from a security perspective

Aleksandr Sungurov

from Exness (Limassol)

About speaker

Information security specialist. Information security is his job and hobby. Since his school years he has been interested in programming, searching for vulnerabilities.

About speakers company

The Exness Group provides services for trading the financial markets.



I will talk about the principles and tools to control security and risks associated with using laC and GitOps in a company. You will dive into the concepts of securing a set of infrastructure on the example of a ready-made user story, which includes the creation of automated change management processes in laC.

- Immersion into GitOps. Approach highlights. Pros and cons of the approach.
- Deep dive into the application of ""Infrastructure as Code"" approach.
- Unveiling the concept of automating controls using the ""Policy as Code"" approach.
- Challenges of version control systems as a single source of truth impacting the entire Prod environment.
- Integration methodologies of SAST (Static Application Security Testing) for IaC (Infrastructure as Code) and additional controls for implementing the change approval process.
- Personal experience and frequently encountered issues.

The talk was accepted to the conference program

other talks of this topic

Sandboxing in Linux with zero lines of code

Ignat Korchagin

Cloudflare, Linux Guru

Offensive Azure Security

Sergey Chubarov


Container and Kubernetes: modern attacks and mitigations

Artem Bachevsky

Independent Researcher