Getting started with DevSecOps
Vanshika Srivastava
Posted on August 9, 2022
You might have heard a lot about DevOps, but what do you know about DevsecOps ?
Well in this blog, I am going to introduce this term and why we need to focus on DevSecOps as a key function.
What is DevSecOps?
DevSecOps stands for Developer, Security and Operations. DevSecOps can be taken as DevOps process but with a security layer.
If we go by looking at the traditional DevOps model - the security process is almost absent but usually executed post-deployment which is not a very good idea for any kind of tool/application or project. DevOps revolves around three pillars - People, Product and Processes (as quoted by - Donavan Brown) but when we talk about DevSecOps, we apply security techniques to all these three components.
“The purpose and intent of DevSecOps is to build on the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required,” describes Shannon Lietz, co-author of the “DevSecOps Manifesto.”
DevSecOps is different from DevOps in the following ways -
Continuous Integration, delivery and deployment to make sure security testing is regular and automated before the application is pushed to production.
Application built like microservice
Infrastructure as Code - planning, designing, implementing and managing app infrastructure through code
Features of introducing DevSecOps-
- Observability
- Traceability
- Compliance
- Confidence
Following the Shift Left Trend :
The earlier you run the security,
the better for your team, product and costs.
You don’t want your developers to work again
on the code base and other issues post-deployment.
This means, the engineers work on
security issues parallelly to working on the product.
Some tips that can make your security operations better when your application is under development -
- Make security part of backlog or sprint activity
- Assume breaches - progressively expose them to engineering teams so that vulnerabilities can be identified and fixed.
DevSecOps practices reduce the time to patch vulnerabilities and free up security teams to focus on priority work. As a process, they also ensure and simplify compliance, saving application development projects from having to be retrofitted for security.
There’s no doubt that DevSecOps revolutionizes the way organizations handle security for applications. However, due to a variety of reasons—such as a lack of awareness of what DevSecOps is, there might be a shift in interests.
What’s next ?
After exploring DevOps, I am working on learning more about DevSecOps. Here is an open source tool for the same - BoxyHQ
Find Github : github.com/boxyhq
Join the BoxyHQ Discord Community here
Posted on August 9, 2022
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.