35 Million Lines, Zero Build-Breakers: How Adyen Scaled DevSecOps (June 23rd)
Tuesday, June 23rd, 2026: 11:00 AM to 5:30 PM
In this technical session, Adyen DevSecOps expert Supun Vidana Pathiranage and JFrog's Yonatan Arbel break down the architecture Adyen built to decouple dependency resolution from their core build system. This approach enables accurate, scalable visibility and reliable security scanning without disrupting developer workflows or requiring a total system rewrite.
Virtual
When managing a massive, multi-language monolith with over 35 million lines of code, visibility into security risks is the first casualty. For Adyen, the challenge wasn’t just finding vulnerabilities, but identifying dependencies within a highly customized build environment.
In this session, you’ll learn:
- Architectural patterns for managing dependency visibility in massive, multi-language monorepos without rewriting your build system
- The Battlestar framework: how Adyen turns raw scan results into actionable security feedback that developers can act on
- Shift-left AppSec enforcement in practice: implementing security gates at the Merge Request level without slowing down delivery or drowning teams in false positives
You’ll leave with proven, actionable patterns for modernizing your software supply chain, enforcing meaningful security gates, and scaling DevSecOps across complex, real-world build environments.
Hosted by DevOps.com