Track: Security | Conference talk, 50 min | Level: Intermediate

Stop Duct-Taping DevSecOps: An Engineer’s Guide to Security and the Smithy Open SDK

This talk introduces Smithy, an open-source SDK and workflow engine designed to streamline security processes in modern tech stacks. It addresses the challenges of fragmented tools and complex security requirements by normalizing outputs, enriching data, and providing structured evidence. Attendees will learn to create resilient DevSecOps workflows, transforming raw security data into actionable, traceable events.

Speaker: Pavlos Tzianos

When and where: Wednesday, November 12, 14:00-14:50, room Dhalia

Description:
Modern tech stacks are complex and piled high with multiple frameworks, cloud infrastructure, third-party solutions and more. You can’t write PHP and FTP it to a server anymore. Meanwhile, security requirements keep growing, and security teams are mandating ever more checks, tests and faster remediation.
As a result, Dev teams drown in fragmented tools, reporting in inconsistent formats, and brittle pipelines that seem to break only when you are in a hurry.
This is no way to work. In this talk we share our learnings from building Smithy, an open-source, developer-first SDK and lightweight workflow engine designed to orchestrate security tools, normalize their outputs using OCSF, enrich them with custom information and persist the results as structured evidence.
During this session, we’ll walk through the technical and design lessons we learned while building the Smithy SDK and Workflow Engine.
We’ll explore why normalization of JSON output to a common format makes sense for many use cases, and how a 60-line integration can now run anywhere — from CI to containers to secure enclaves.
You’ll learn how to transform raw scanner output into normalized, traceable events; how to add context for triage and remediation; how to create resilient, observable automations that survive flaky APIs and odd edge cases; and how to craft real-world DevSecOps workflows.
Whether you’re building your own security tooling or tired of duct-taping YAML together, this talk offers practical, reusable patterns — and an open-source foundation to build on.
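The normalize-then-enrich step described above, as an added illustration that is not Smithy's own code: two constructed scanner documents with different shapes are mapped onto a minimal OCSF Vulnerability Finding (class_uid 2002) with a stable fingerprint as the finding uid, and an assumed ownership map is attached as an OCSF enrichment so triage has a route. The field mapping and the owner lookup are this example's assumptions, not the project's.

```python
import hashlib
# Constructed sample output of two hypothetical scanners (not real tool formats).
RAW_SAST = {"tool": "sast-demo", "results": [{"rule": "SQLI-001", "level": "error",
    "file": "app/db.py", "line": 42, "message": "string-formatted SQL query"}]}
RAW_DEPS = {"scanner": "deps-demo", "vulnerabilities": [{"id": "DEMO-ADV-0001",
    "severity": "MEDIUM", "pkg": "requests", "version": "2.19.0", "desc": "constructed advisory"}]}
# Constructed ownership map used for enrichment (hypothetical).
OWNERS = {"app/": "team-payments", "requests": "team-platform"}
# OCSF severity_id: Unknown=0, Informational=1, Low=2, Medium=3, High=4, Critical=5.
SEVERITY = {"info": 1, "low": 2, "warning": 3, "medium": 3, "error": 4, "high": 4, "critical": 5}

def fingerprint(*parts):
    """Stable finding uid: the same issue maps to the same event on every run."""
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()[:32]

def ocsf_finding(product, title, severity, uid, detail, time_ms):
    """Minimal OCSF Vulnerability Finding (class_uid 2002, activity Create)."""
    return {"category_uid": 2, "class_uid": 2002, "activity_id": 1,
            "type_uid": 200201, "severity_id": SEVERITY.get(severity.lower(), 0),
            "time": time_ms, "metadata": {"product": {"name": product}},
            "finding_info": {"uid": uid, "title": title},
            "vulnerabilities": [dict(title=title, **detail)], "enrichments": []}

def normalize(raw, time_ms=0):
    """Dispatch on the raw document's shape; an unknown shape fails loudly."""
    if "results" in raw:  # SAST-style: rule + source location
        return [ocsf_finding(raw["tool"], r["message"], r["level"],
                fingerprint(raw["tool"], r["rule"], r["file"], r["line"]),
                {"affected_code": [{"file": {"path": r["file"]}, "start_line": r["line"]}]},
                time_ms) for r in raw["results"]]
    if "vulnerabilities" in raw:  # SCA-style: advisory + package
        return [ocsf_finding(raw["scanner"], v["desc"], v["severity"],
                fingerprint(raw["scanner"], v["id"], v["pkg"], v["version"]),
                {"references": [v["id"]], "affected_packages": [{"name": v["pkg"], "version": v["version"]}]},
                time_ms) for v in raw["vulnerabilities"]]
    raise ValueError("unrecognized scanner output shape")

def enrich(event, owners=OWNERS):
    """Attach an owner so triage has a route; returns the event for chaining."""
    vuln = event["vulnerabilities"][0]
    keys = [c["file"]["path"] for c in vuln.get("affected_code", [])] + \
           [p["name"] for p in vuln.get("affected_packages", [])]
    for prefix, team in owners.items():
        if any(k.startswith(prefix) for k in keys):
            event["enrichments"].append({"name": "owner", "value": team})
    return event

def pipeline(raw_docs, time_ms=0):
    """Raw scanner documents in, enriched OCSF events out."""
    return [enrich(e) for raw in raw_docs for e in normalize(raw, time_ms)]
```

Because the uid is derived from tool, rule and location rather than from the scan run, re-running the pipeline yields the same event identity, which is what makes findings traceable across pipelines and de-duplicable in storage.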
Tags: security, normalization, smithy, devsecops