Moataz Nabil
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
#1 about 4 minutes
Why shift-left security is critical for mobile apps
The increasing speed of mobile releases makes traditional security a bottleneck, requiring a shift-left approach to find and fix bugs early in the development cycle.
#2 about 4 minutes
Understanding the core principles of mobile DevOps
Mobile DevOps combines people, processes, and tools to enable continuous communication, integration, delivery, testing, and monitoring for mobile applications.
#3 about 5 minutes
Integrating security into the DevOps lifecycle with DevSecOps
DevSecOps extends DevOps by making security a shared responsibility and integrating automated security checks throughout the entire development process.
#4 about 5 minutes
Choosing the right security testing methods for your pipeline
Implementing DevSecOps involves choosing between static (SAST), dynamic (DAST), and interactive (IAST) security testing tools to automate vulnerability detection.
#5 about 6 minutes
An example of a secure Android CI/CD workflow
A practical DevSecOps workflow for Android includes steps for static analysis, dependency scanning, dynamic testing, and vulnerability scanning at different stages.
#6 about 5 minutes
Demo of building a DevSecOps pipeline with Bitrise
A live demonstration shows how to configure a mobile CI/CD pipeline in Bitrise with integrated steps for SonarQube, Firebase Test Lab, and Oversecured API.
#7 about 1 minute
Key lessons learned from implementing DevSecOps
Implementing DevSecOps is a continuous journey that requires a cultural mindset shift, shared team responsibility, and a strong foundation in test automation.
#8 about 15 minutes
Q&A on speed, team adoption, and common mistakes
The speaker answers audience questions about balancing speed with security, convincing management to adopt DevSecOps, and common security leaks in mobile development.