WTH is DevSecOps?
Image Credit: DevOps.com


We live in a fast-changing world where most tasks are carried out with the click of a button or a tap on a phone screen. Whether it is buying groceries or clothes online, or even buying and selling cars, everything is turning digital. Fund transfers, account statements and phone bill payments are all just a click away. We can see and experience technology in our day-to-day activities. So, what do we know about DevSecOps, and why do we need security?

You have probably heard about the SolarWinds attack, which made headlines as a massive cybersecurity attack. SolarWinds is a company that provides an IT performance management and monitoring system called Orion. Hackers targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software, which is used by thousands of enterprises and government agencies worldwide.

Attacks of this kind make security very important in the software industry, which is why President Joe Biden urged having more than 600,000 cybersecurity jobs in the U.S. This shows the importance of security in cloud companies.

As the word suggests, DevSecOps is the intersection of DevOps and security. DevSecOps introduces security at an earlier stage of application development. It helps minimize vulnerabilities, resolve licensing issues and stop leakage of sensitive data.

Advantages of DevSecOps:

  • Finding vulnerabilities at an earlier stage of development, instead of running into issues during the release cycle.
  • Better communication and collaboration between the teams.
  • Faster delivery of secure applications, which is where the industry is heading.

How does DevSecOps work?

To understand how DevSecOps works, let us first look at the current DevOps flow. Developers write code and store it in a code repository such as GitHub, GitLab, Azure Repos and many more. An automated CI/CD pipeline then tests the code, builds it and deploys it to production. Now what about security? When sensitive data is involved, security comes into play.

Imagine you have completed the entire development of your application and it now needs to be released to the production environment so that clients can access it. Before the release there are some test runs for security checks, and your release is put on hold because of security vulnerabilities. That would be a waste of time and effort.

Why not include security right at the beginning of the DevOps stages? It is like baking security into all of your DevOps stages. It is not just the task of the security team; it is a collaboration between the Dev team and the security team. Feedback loops surface security issues so that they can be fixed at an early stage, and security tools are integrated into the DevOps lifecycle.

Understanding DevSecOps Pipeline:

Plan: Planning is the first stage of the DevOps lifecycle. Integrate security at this very first stage by creating a plan to execute security analysis.

Code: Use linting tools to secure passwords and API keys.

Build: This is the stage where we track down flaws in the code and fix them before releasing to the production environment. Various Static Application Security Testing (SAST) tools are available.

Test: Always make sure your authentication process and sensitive data storage are secured, and test them at an early stage. Various Dynamic Application Security Testing (DAST) tools can be used to detect these errors.

Release: Make use of scanning tools to perform vulnerability scanning.

Deploy: Make sure a secure build goes to production for final deployment.
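
To make the Code stage concrete, here is an added example (not from the original article or any specific tool) of a check a pre-commit hook or CI job could run: it scans only the added lines of a unified diff for hard-coded passwords and API keys and reports the file and line. The rule set, the `scan_diff` name and the sample diff are assumptions made for illustration.

```python
import re
import sys

# Heuristic rules chosen for this example; production scanners ship many more.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded-credential": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*"
        r"['\"]([^'\"]{8,})['\"]"),
}
# Values that only reference a variable or template are not literal secrets.
PLACEHOLDER = re.compile(r"^(\$\{.*\}|\{\{.*\}\}|<.*>)$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff (the AWS value is AWS's documented example key ID).
SAMPLE_DIFF = """\
--- a/app/settings.py
+++ b/app/settings.py
@@ -10,3 +10,5 @@
 DEBUG = False
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "s3cr3t-Pa55w0rd!x"
+API_TOKEN = "${API_TOKEN}"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 ALLOWED_HOSTS = []
"""

def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for secrets on added lines only."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif m := HUNK.match(line):
            lineno = int(m.group(1)) - 1  # hunk header gives the new-file start
        elif line.startswith("+"):
            lineno += 1
            for rule, rx in RULES.items():
                hit = rx.search(line[1:])
                if hit and not (hit.groups() and PLACEHOLDER.match(hit.group(1))):
                    findings.append((path, lineno, rule))
        elif line.startswith(" "):
            lineno += 1  # context lines exist in the new file too
    return findings

if __name__ == "__main__":  # pre-commit use: git diff --cached | python scan.py
    found = scan_diff(sys.stdin.read())
    print("\n".join(f"{p}:{n}: {r}" for p, n, r in found))
    sys.exit(1 if found else 0)
```

A non-zero exit status blocks the commit or fails the pipeline job, which gives the developer the early feedback loop described above instead of a blocked release.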

Credits: https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

https://www.xenonstack.com/insights/guide-devsecops-pipeline

D M J

DevOps & Cloud Engineer Passionate About Building and Scaling Tech Infrastructure - Check out my portfolio | Linux | AWS | Python | Docker | Kubernetes | Terraform

2 years

There are really not a lot of training institutions that teach DEVSECOPS at the moment. Do you have any recommendations on how to get DEVSECOPS training?

Jon Radoff

GameTech | AI | ML | Spatial Computing | Virtual Worlds

2 years

Very helpful organization

Mohamed Elsiddig

System/Cloud Engineer | DevOps | Linux/Unix | Git | Jenkins | CICD | Docker | Kubernetes | Terraform |Ansible | VMware | Veeam

2 years
