The Challenge and Solutions to Implement DevSecOps into Large Banks

Data is highly sensitive for banks, and banks therefore hold very high standards of cyber security. However, there are still many challenges in promoting a DevSecOps culture.

Since 2018, we have been integrating cyber security into the DevOps culture by running a DevSecOps program. We aim to shift the cyber security mindset left to the development teams by promoting DevSecOps tools combined with the relevant training.

In this presentation, we will share how to integrate DevSecOps tools, such as Checkmarx, Contrast and Sonatype IQ, into the development CI/CD pipeline to produce vulnerability reports through cyber security testing and scanning of source code and third-party libraries.

In addition, we will demonstrate three different ways to provide cyber security training that help development teams gradually grow their knowledge until they are able to fix the vulnerabilities reported by DevSecOps tools, as well as to establish a brand new mindset over time.



Jihai Zhou

Graduated from Imperial College London with a PhD and has worked at many different large global banks (HSBC, Barclays, UBS) as a DevOps Lead/Champion.