Kubernetes Security at Shopify Scale: Automating Security Across an Infrastructure Monorepo - Jie Wu & Pulkit Garg, Shopify


Abstract

Security isn’t just a checkbox — it’s what enables teams to move fast with confidence. Managing Kubernetes security across thousands of services and deployments is like herding cats — except the cats can accidentally expose your entire infrastructure. This talk shares Shopify’s real-world journey of securing its infrastructure monorepo, where a single misconfiguration could impact millions of merchants worldwide. We’ll walk through how Shopify combined Semgrep for static code analysis and Open Policy Agent (OPA) for dynamic policy enforcement to detect and prevent risky configurations before they reach production. Along the way, we’ll share the wins, rough patches, and lessons that helped us integrate these tools at scale with less friction. Attendees will learn how to use open-source tools to automate security checks, enforce policy, and enable their teams to ship fast and securely.

Sched URL

Video