Coming Soon...

Coming Soon...

Coming Soon...

Coming Soon...

Coming Soon...

Starting from nothing but source code, I will demo a complete deployment of a complex modern application in Azure cloud using DevOps best practices.

A typical “Hello World” DevOps demo doesn’t really help us figure out how to do DevOps in the real world. In this session, I will touch on modern technologies and techniques including Infrastructure as Code, setting up DNS, deploying a database, disaster recovery, and using API's hosted in Kubernetes clusters, all the way to mobile apps, all from within our pipelines.

All techniques shown and discussed can be used with any DevOps tooling and any cloud, but in this talk, we will be using GitLab as our DevOps tooling and Azure as our cloud.

In this session we will cover the basics of Cloud Native Buildpacks and show how they can be leveraged from GitLab pipelines. By the end of this talk you’ll understand how you can make short work of building images in a secure, repeatable way.

Building production-grade container images with confidence and ease has become a critical element to achieving productivity and success, yet presents significant challenges. Cloud Native Buildpacks make it quick and easy to go from source to container image for a variety of languages, while providing security, auditability, transparency, and control for building and patching images.

Join us to learn how we helped one of the largest financial services institutions in the world shape their cloud strategy using GitLab and Terraform. Starting on a cloud journey brings so many questions around resource provisioning & management, security, compliance, how to enable the team with easy access to definitions, and keep everyone updated. As we know, the most reliable source of truth is the code, so the use of infrastructure as code paired with an inner-source process is a solid foundation.

I will share the technical hurdles and lessons learned from implementing Machine Learning training with cloud-based pipelines using GitLab CICD, Docker+Machine, and GPU-powered virtual machines in the cloud.

Data Science infrastructure requirements are easily capable of racking up high costs with GPU based virtual-machines running 24/7 in the cloud, or require specialised hardware to be maintained and powered on-prem. Without huge expense, achieving agile ML model development can be hard.

Data Scientists in the organization can now quickly build their own pipelines with high agility and speed, at reduced infrastructure costs than before, and time reduced in debugging issues.

This session focuses on using GitLab CI and GitOps practices to build an operations pipeline that can help operators confidently roll out change across their multiple Google Anthos clusters.

Google Anthos enables teams to develop and deploy Kubernetes based applications at rapid pace across multiple on-prem and cloud environments.

Anthos Config Management is a key tool in managing these diverse environments, but requires the maturity of GitOps based processes and supporting tooling such as GitLab.

Come learn more about installing Vault as a GitLab managed application, directly authenticating to Vault using JSON Web Tokens (JWTs), and using the native integration with GitLab's runners and CI/CD pipelines.

GitLab and HashiCorp are partnering to bring together the scale and simplicity of GitLab CI/CD with HashiCorp Vault's superior secrets management solution.

This will be a joint session with GitLab and Hashicorp to discuss all things secrets management.

Many organizations attempt adopting DevOps and Agile practices only to crash against a compliance wall such as Risk Management Framework (RMF), PCI-DSS, or even GDPR. Even Gene Kim’s “The Unicorn Project'', shows a security officer experiencing a complete breakdown before becoming a DevOps enthusiast. But really, it’s not that hard.

After being a Product Owner on an Agile team, I transferred to a security lead, operating the RMF with an org newly committed to Agile. My team worked through a mindset change without the breakdown, incorporating small compliance goals, integrating with developers, shifting security left, and building cooperative risk ownership. This session shares my experiences incorporating an Agile workplace with U.S. Government compliance.

CI/CD is critical to any DevOps operation today, but when attackers compromise it, they get to distribute malicious software to millions of unsuspecting users. We present how Datadog used TUF and in-toto to develop, to the best of our knowledge, the industry’s first end-to-end verified pipeline that automatically builds integrations for the Datadog agent. That is, even if this pipeline is compromised, users should not be able to install malware. We will show a demonstration of our pipeline in production being used to protect users of the Datadog agent, and describe how you can use TUF + in-toto to secure your own pipeline.

Do you have experience with security in your software development process but none at all with compliance? Join this session to hear our journey as we set out to become SOC-2 compliant.

Armed with very little public documentation on how to become SOC-2 compliant, we built SOC-2 procedures around Agile software development and DevOps patterns such as CI/CD and GitOps. Although it typically takes about a year to complete SOC-2 compliance, we obtained certification in less than six months.

You will learn how Agile processes and DevOps can address and outperform traditional methods for managing security and compliance. This talk will empower you to tailor your enterprise compliance needs to your desired software development process.

Let’s talk about compliance—just the word makes people either want to fall asleep or worse, run and hide. Between the development process and the cycle of endless audits, it’s no wonder that people try to avoid this topic at all costs. However, it’s clear that in order to move toward cloud migration and modernization, public sector organizations must transform their existing processes to obtain an Authority to Operate (ATO). In this talk, we’ll walk through the process of how implementing automation took our federal customer from an average ATO time of an average of 3-4 months per application to only 1-2 weeks, and more importantly, why Gitlab is the superior tool to help us do that.

Not a federal customer? That’s ok, too. Managing policy through automation is an important way you can more easily pass any regulatory audit like PCI DSS, HIPAA, and more!

Public cloud is great. We love public cloud. But sometimes, regulatory, company compliance, and legal restrictions necessitate an on-prem solution.

This session will explore ways to remain compliant with an on-prem solution while you work through your organization’s public cloud challenges. Using GitLab and Kubernetes allows for workload portability that will enable a simple transition once your organization gives the green light.

Compliance requires organizations to adopt processes that help them adhere to regulatory and legal requirements. Often, these processes are costly, manual, and cumbersome to implement and maintain. Even organizations that are advanced in compliance maturity still maintain processes within spreadsheets, file storage systems (such as Google Drives or Dropbox) ,and emails—making wading through the documentation required to prove compliance extremely painful.

The good news is that it does not have to be so overwhelming. GitLab can make compliance management friendly, straightforward, and as frictionless as possible.
Learn how GitLab can help make your compliance initiatives seamless:
* Why is achieving compliance so difficult?
* Prerequisites for building your compliance program
* Achieving compliance success with GitLab

Join Nico, Philippe, and Wayne for a session full of Containers, Kubernetes, and security! In this talk, you will learn how GitLab Defend features can help you to effectively secure your applications and services. We will guide you through different features using real-scenarios use-cases and demos with demonstrations from the perspectives of a software developer, security engineer, and hacker. You will learn how to secure your application ingress using the Web Application Firewall, securing east-west application traffic with Container Network Security as well as threat detection with Container Behaviour Analytics. Everything within your GitLab project! Walk away and know everything you need to know to successfully secure your applications and services!

Less than a third of respondents to GitLab's 2020 DevSecOps survey regarded their company's security as "Good", so what's it going to take to get to "Great"? Without the right tools and processes in place, “shift left” security remains more of an aspiration than a reality for many, especially for developers newly tasked with securing software but unequipped to properly do so. Hear from an Open Source security specialist who thinks GitLab's philosophy of reducing context switching in Developer routines also provides a perfect base for the future of DevSecOps.

Together with a rep. from GenesisCare we will talk about how they use Gitlab for SCM, CI and their recent transition into using the Planning, Designer and DevSecOps features across the entire GenesisCare software development team to deliver geographically distributed applications to improve treatment of patients and enable doctors to work more efficiently in all their clinics.

Fuzz testing is a new tool in the development arsenal enabling developers to inject random, malformed data into their application and see what happens! Fuzz testing helps identify bugs and security issues (e.g., unknown vulnerabilities) that traditional testing processes commonly miss as they are focused on known vulnerabilities. In this session, we will define what fuzz testing is, what it is not, why is it important, and how to get up and running quickly. We will also share several real-world examples of how fuzz testing was used to find bugs that otherwise wouldn't have been discovered. We will end this session with demos of two different fuzz testing techniques within the development workflow leveraging GitLab SCM, CI, and Vulnerability Management.

This presentation would be separated into two main concepts (DevSecOps overview, Checkmarx integration with GitLab, and the challenges we had with the Security integration):

1. DevSecOps

Give an overview of applying application security testing during the CI stage, putting “Sec” into DevOps. I will give examples of the challenges I have seen with organizations trying to achieve DevSecOps and discuss various approaches that I have seen fail and succeed. The presentation will speak to the teamwork that is needed with the DevOps team, the Security team, and the Developers. The main emphasis will focus on the security tool(s) providing meaningful, actionable results to all parties into GitLab’s development environment.

2. Checkmarx approach in integrating with GitLab CI/CD

- Merge Requests discussions
- Vulnerability management
- Integration with GitLab's Security Dashboard
- CxFlow – Checkmarx spring boot application that orchestrates the initiation of static application security testing and software composition analysis and imports the results into GitLab’s ecosystem.

Recent events have raised awareness of pervasive issues facing blacks in America. Further, blacks have historically been underrepresented in software development, accounting for approximately 2% of software developers despite making up approximately 13% of the American population. Many companies claim to be committed to diversifying their software engineering workforce, and these promises have only accelerated in recent months. However, aside from data revealing their prevalence among software developers, little publicly available data or analysis exists on the professional experience of black software developers. In this presentation, I analyze pay gaps, paths to promotion, job and career satisfaction, and other aspects of black software development to better understand the career journeys of black software engineers.

Coming soon...

As a developer using GitLab for a few personal projects and a long time Open Source contributor, joining the GitLab Heroes program was an opportunity to expand my knowledge of DevOps, improve my skills, and connect with other GitLabbers. After a year, I can share how the journey has been and why (or why not) you should join the program.

Do you struggle with giving or receiving feedback? Have you found it difficult to work with team members you only talk to online, or who belong to a different culture than you do? Do you wish you had more charisma?

After reading many self-help books, watching various TED Talks, and listening to a ton of podcasts, I've condensed my learnings to help you improve your communications skills, deal with conflict, and collaborate better than ever in open source communities (and everywhere else).

Think of the last time you thought about getting involved with an open source project or developer community. Did you feel like you had all the information? That you knew what was expected? Or if people would be friendly? 🤔 The best communities go out of their way to provide information to contributors-to-be and new contributors, greatly increasing their chance of success. In this talk, I’ll share some tips and examples that will help your community make new contributors feel right at home.

Retrospectives are traditionally held to evaluate how a launch went, determine what went well (and what didn’t) at a recent conference, or recap a recent outage.

But what if we use the retrospective model with an open source community? If we encourage a safe and open environment to share candid opinions and experiences, a retrospective can be an effective way to solicit feedback beyond the questions asked on the forum.

By using tools like Kanban boards to organize “post-it notes” into columns of What’s going well? What’s going poorly? and What could we be doing better?, you can have an open and honest conversation with engaged community members.

This not only results in a happier community that feels listened to, but it also energizes your Developer Relations, Product, and Engineering teams to continue producing great content and tooling to better serve your audience.

What does it look like for a team to adopt Docker and GitLab CI/CD when they haven’t been using them previously?

In 2015 we started to use GitLab-CE at STRABAG. After using OpenVZ containers since 2006 my team and I decided to move to Docker in 2017. We ran our first GitLab pipeline job in 2018 and now we are running more than 50k jobs per month.

With our first CI/CD run we decided to fully commit ourselves to the GitOps philosophy and during the upcoming years, we hit a lot of obstacles. But, these experiences welded us together even more. By using GitLab we invented a lot of new tools but the most important thing was that we have built it up together, bottom up, with us as individuals.

Follow my talk and see how we started our adventure through the endless space of the GitLab galaxy and listen how we are using our experience, our knowledge and our team friendship to build up creative innovative solutions today. You will see that together with human friendship you can go where no one has gone before.

Learning how to use GitLab is great, but teaching others how to use GitLab is even better!

Feu is a technical trainer who has been giving GitLab trainings to new user of all kinds for over a year. Based on their experience, Feu will share insights, learnings, tips, and best practices for teaching others about Git and GitLab. They’ve tried out a few different strategies on how to explain the basics to beginners and will share the ones that have proven to be most successful with you!

Codesmen is a software consultancy who builds applications for a wide array of clients from early-stage startups, small & medium businesses to non-profit organizations. Having a well-run and reliable deployment strategy becomes critical to delivering quality software that meets or exceeds client expectations.

In this talk, Codesmen CTO Asad Raza will walk through their GitLab CI/CD setup for staging, release, and production environments running on AWS EC2. You’ll learn how each environment works in practice as well as see some example configuration that you can use to set up your own multi-environment pipelines.

GitLab has made full CI/CD with Kubernetes a snap!

But what if you're managing clusters on-prem?
Or perhaps Kubernetes feels like more than you need for a simple deployment or prototype?

In this talk, Tracey will show some simple ways to get a HashiCorp Nomad cluster up quickly, tied in to GitLab, and ready for deployment. Having been both the Kubernetes admin and Nomad admin at Archive.org Tracey will share some of her real-world experiences to highlight the similarities and differences when using each with GitLab CI/CD.

A demo will include showing how to create a simple generic nomad job template that substitutes in GitLab CI/CD variables to make nice job names and nice DNS names. The result will deploy and auto-version with each commit/push.

Many businesses today find that having an online storefront is increasingly becoming a necessity if they want to maintain and grow their customer base. However, in Kenya where ecommerce is rapidly growing, entrepreneurs and small business owners are finding that many professional ecommerce platforms haven’t been designed for the local market and are either expensive and/or cannot be easily customized for their needs.

Thankfully, checkout tools such as Flutter and Stripe allow one to turn a simple static webpage into an online shop. GitLab CI/CD provides a mechanism to run tests, track changes, and deploy static websites using GitLab Pages. For many small businesses who want their own online space at a low cost and low complexity, this is an ideal solution. This solution is also helpful for projects that have associated merchandise. In this session, Benson will give an overview of how this system is being used in Kenya along with recorded a demo.

It’s now been several years since GNOME, a free and open source desktop environment for Unix-like operating systems, switched to centralizing their contribution process on GitLab. In that time, the GNOME Foundation staff has begun using GitLab for everything from conference organizing and design to fundraising and Code of Conduct reporting. In this session, Molly de Blanc, Strategic Initiatives Manager, will share how GitLab fits into workflows; the wide range of uses; and the features they find most helpful (or wish they had).

While DevOps has been evolving for over a decade, Artificial Intelligence (AI) and Machine Learning (ML) are just beginning to take advantage of it. This emerging art and science of MLOps is opening new possibilities for engineers and data scientists alike.

In this session Mon will provide a developer’s introduction to MLOps sharing what you need to know to start using your existing skill set to explore this exciting new field. She’ll demonstrate how to use GitLab CI/CD pipelines to bring ML models to production with speed and ease while highly how teams can leverage GitLab for collaboration throughout the process.

Learn how to measure and improve your team's software delivery performance by assessing four key software delivery metrics.

Software metrics often pit different functions against each other and result in local optimizations at the cost of overall outcomes. Our research has developed and validated four metrics that provide a high-level systems view of software delivery and performance and predict an organization’s ability to achieve its goals. Accurate collection of the data required to measure the four key metrics can be time consuming, error prone, and incomplete.

This session will introduce some automation with Google Cloud Platform that automates the generation and collection of the metrics required to measure the four key software delivery performance metrics.

With a pivot to a DevOps mindset at Northwestern Mutual, we wanted to chart and demonstrate our progress on that journey. We developed a process to leverage the robust project and pipeline data from Gitlab and aggregated it into dashboards to provide visibility on current state and trending over time. In this session, we'll show what types of metrics we captured and how this data drives improvements.

The benefits of DevOps come with a steep learning curve. At State Farm, we believe that in order to successfully transform and create a DevOps culture, we have to embrace the community model—the promotion of (and reliance on) knowledge sharing for both failures and successes, so that teams may learn from the past in order to succeed at scale.

The community model prevents unnecessary waste, enables architecture and code reuse, and allows teams to share best practices. It also enables cultural change. In this presentation we will articulate the community model, share our lessons learned with three years experience operating within it, and explain why and how other organizations should embrace it.

Organizing a portfolio of IT projects and aligning to strategic initiatives while managing day-to-day organization of teams and work is challenging and complicated. This presentation will provide a simple approach to Portfolio Management in an IT environment. Using GitLab Epics, we will demonstrate how to manage the entire IT project portfolio, from planning, to collaboration, to measuring real progress toward strategic goals and KPIs.

With an engineer-constrained team experienced in waterfall methodologies, Rolls Royce UK SMRs set out to enable modern, Agile tools, techniques and philosophies. This presentation will detail how COVID-19 provided the catalyst to starting our DevOps journey, and how using GitLab as our lifecycle management tool has allowed us to incrementally migrate to a DevOps solution, providing value for inflight tasks, whilst enabling a framework to ease development, testing and deployment of an increasingly complex nuclear analytical method.

Modernization creates challenges to an organization's governance. This presentation will guide organizations on implementing an automated process for tracking governance throughout the deployment pipeline. It will provide a reference architecture to help guide organizations on how to design and implement such a system, as well as a sample use case to help them further enforce these best practices. Ultimately, An DevOps automated governance process can give organizations the assurance that the delivery of their software and services are trusted.

While the information security space is constantly changing, the United States Army training enterprise operates on a three-year curriculum update cycle. At its inception, the U.S. Army Cyber School recognized this challenge and created a streamlined courseware process using Git to track all instructional material as code. Rather than office documents and static virtual machine snapshots, the school uses markup languages to define instructor and student material, slide decks, and facilitation guides linked to code-driven frameworks to define all training networks, workstations, and activities.

Learn how the Cyber School reduces effort and increases efficiency and transparency necessary to maintain their curriculum relevance and currency.

The Brazilian Federal Public Ministry has evolved its deployment strategy from a basically manual approach with few automations to a fully automated, continuous delivery strategy based on GitLab, Docker, and Kubernetes.

Learn about their DevSecOps Flow, which includes test automation, source code quality assurance, deployment tests, automation of Docker container builds, and deployment in Kubernetes clusters. See how security requirements are validated during the continuous delivery process by validating vulnerabilities in the source code (static analysis) and security scanning of Docker images...all created exclusively with open source tools.

The UK has recently launched ASiMoV, one of the largest projects in high-performance computing (HPC) that ambitiously aims to deliver the world's first high-fidelity simulations of a complete gas-turbine engine during operation. Each simulation must be reproducible and therefore underpinned by a code that is extremely reliable as well as extensively tested....and changes to the code must be trusted to not introduce unintended flaws.

CI/CD is a key enabler to execute ASiMoV and the entire infrastructure heavily relies on Gitlab—from unit testing all the way to website deployment, including the distribution of containerized development environments. Discover how the application of CI/CD to scientific computing, in the context of an extraordinary engineering project, is leading toward ""virtual certification"" of gas-turbine engines.

Currently, many government organizations use multiple tools and platforms to accomplish their cost, schedule, and performance activities. Consequently, developers waste time tracking their work across different platforms and on tool integration as well as on how they operate when they should be focusing on the product delivery that supports the mission.

Discover how NIWC Atlantic is introducing and driving adoption of GitLab as their all-inclusive platform for DevSecOps development Navy-wide and how they are overcoming the government infrastructure deployment challenges of:
* GitLab 13.x via AWS and integration with the RedHat OpenShift Container Platform
* Deployment of HA and AutoScaling in AWS

Like many large public sector organizations, the National Security Agency (NSA) had a volunteer-led source code repository running on old hardware. Through a team of passionate developers, the NSA developed a public-private partnership with GitLab and Amazon Web Services (AWS). Through this partnership, NSA migrated from on-premises hardware to AWS. This effort involved refactoring a non-version controlled environment to a version controlled, fully automated deployment strategy using Infrastructure-as-Code. The migration leveraged AWS managed services to drastically improve the reliability of the service, in order to provide the performance and stability the NSA’s mission requires. Join this talk to learn about NSA’s DevOps journey and the technology they used along the way.

Did you ever make a promise you were not sure you could keep? Did you ever wish someone would just tell you how to get started or offer practical tidbits of what to think about BEFORE you began implementing a new process? Learn how one agency began their DevOps journey doing the right things but focused on the short-term wins which ultimately lead to unmet expectations.

‘Getting to Minimal Viable DevOps-ness’ is the story of how the National Museum of African American History and Culture started with a blank slate and embraced their implementation challenges to develop a robust set of lessons learned and a flexible DevOps design pattern.

Government development teams need the ability to work seamlessly across disparate network enclaves, with all artifacts, issues, and code intact as if they were working on the same DevSecOps project. How can they accelerate their speed to mission without compromising security?

Discover how two Intelligence Community organizations empowered their teams with seamless collaboration across enclaves to dramatically increase their delivery on the mission.

The ability to have the most recent, updated information at the tactical edge—where there is no or intermittent network connectivity—can save lives or cause the loss of a battalion. Constantly updated evolutionary data in the form of “DevSecOps in a Box” can enable operations at the tactical edge and give the ability to modify any application to fit an environment, updating intermittently when a network is established. Warfighters, airmen, marines, sailors, and other sectors of the military rely heavily on this capability.

Learn how tactical applications like logistics, cyber, information gathering, and ISR are using offline capabilities for DevSecOps to meet field requirements securely and reliably.

Coming Soon...

Coming Soon...

As HubSpot transitioned into a fully remote workforce, we were challenged to take what we had learned from our remote community over the past ten years and apply these lessons in order to adapt our processes, our systems, and our culture to fit our new needs. And it worked. Moving from a 'remote friendly' to a 'remote first' world of work helped us to grow our culture for the better, focusing on people over location. But... how do you avoid creating two sub-cultures, and one that favours in office behaviours? 

We will share how HubSpot is thinking about the future of work, and our approach to creating an inclusive and equitable culture for all.

Whether you’re bringing on one new engineer or fifty to your team, having a formalized onboarding process in place ensures that they can get up to speed quickly, and receive a fair start on the team. Whether you’re a manager, a lead, or a developer eager to help out, you’ll learn how to create your own exceptional onboarding process, and hear about my own onboarding failures and eventual success.

The power of remote work is the flexibility that it can provide, but not if you spend your entire day on Zoom or in pointless meetings. We'll discuss the benefits of asynchronous workflows, written updates, and outline specific playbooks you can roll out to reduce or eliminate the time you spend in update meetings.

Let's rethink the work week. The world is becoming well aware of how fundamentally different remote work is, both the benefits and the challenges. They are having to rethink all of their practices, from how they communicate and how they connect as teams. Understanding the phases of this transition, and how it impacts the culture of an organization, is critical to developing a successful remote workforce. 

The more remote your team is, the more real the conversations need to be. Join Savannah for an actionable session on cultivating compassion in your organization. We'll take lessons from Buddha, Abe Lincoln, and the Bronies, all as we learn how to iterate your way to inclusion, and delight your team along the way.