DevOps

This session has been performed in DrupalIberia 2024 & Drupalcamp Spain 2024

Abstract:

Get your cards out—let’s play buzzword bingo!

This session aims to demystify DevSecOps and provide a clear, step-by-step guide for integrating security seamlessly into the DevOps lifecycle. But this is more than just theory—we’ll explore real-world strategies, tools, and cultural shifts needed to create a robust DevSecOps environment, specifically tailored to teams working with Drupal and related web technologies.

Shadow or silent patching- fixing security vulnerabilities without disclosure—presents a critical blind spot in software supply chain security. With 1 in 6 vulnerabilities patched silently, traditional security tools relying on public vulnerability databases like CVE or NVD fall short, leaving organizations exposed to unknown risks. This presentation introduces an entirely novel research that harnesses the power of Large Language Models (LLMs) to detect these hidden vulnerabilities in open-source software.

Injection attacks like SQL injection (SQLi) have a history that is older than the Internet Explorer, so why then does it continue to plague our modern applications?

In a recent research project, we look at various injection attacks including, SQLi, Command Injection, Path Traversal and Cross-Site Scripting (XSS) attacks in both open-source and closed-source projects to discover how prevalent they remain in 2025.

Keeping PHP dependencies up to date is a good practice. Under optimal conditions, we can proceed with scheduled automated updates in our CI/CD pipelines. However, with Drupal modules, things are more complicated because it is generally necessary to manually update the module configuration via the drush export command. If, like us, you enjoy delegating your tedious tasks to a machine, we'll show how Renovate can automate configuration exports after a Drupal module update.... and, why not, implement an industrialization of automated updates for Drupal modules.

Get your cards out, let's play buzzword bingo!

Introduction to Drush

Are you tired of navigating through Drupal's admin interface to get things done? Want to speed up development or just look incredibly cool while typing away at the terminal? Time to stop clicking and start typing: learn how to leverage Drush to build and maintain your Drupal sites.

In this session, we'll cover the basics of Drush:

At VDAB we built a visual regression testing workflow on top of BackstopJS. This open source tool lets you compare screenshots over time of (parts of) your website or application so you can maintain, update and deploy your code ensuring the visual integrity remains unchanged.
In this talk I will show you how you can set up your own BackstopJS testing workflow with examples and some different approaches. But also how we at VDAB use it on a daily basis, and all the cool features we build into our workflow.

Ask Nick anything about Gitlab, how to increase contributions and features about the product.

Livestream:

Most people who run a Drupal website at a decent scale have probably heard of Varnish: Varnish is a reverse cache proxy you put in front of Drupal to accelerate your website.

It comes with some VCL code that might seem confusing at first, there are some Drupal modules you need to install and configure in order to invalidate the cache. But how does it really work?