DevSecOps -- it's a mouthful, but also a buzzword that makes a clear point: Security now must become the central ingredient, the filling if you will, in the DevOps sandwich. Without security, DevOps may make software development faster. But in the end, all that effort will likely prove fruitless: What's the point, after all, of releasing new software that's loaded up with security vulnerabilities?
In the past, security was too often an afterthought in the software development lifecycle, and the security team was sometimes even seen as a roadblock to the launch of new software. Implementing DevSecOps means getting both the development and operations teams thinking about security all the time and employing security tools and processes to prevent flaws from happening in the first place. This handbook on DevSecOps explains in depth why IT professionals need to consider security a key ingredient in software creation and how to fit security into their development process.
Any corporate team involved in software development needs to know several key steps for turning DevOps into DevSecOps. These include meeting with other teams (risk managers are important to consult, for instance), training, logging, defining duties and understanding what already-installed security tools can do -- and what others might be needed.
We hope that, by studying this guide to DevSecOps, you'll come away with a deeper understanding of how and why security should not be considered optional when it comes to the software development process and what exactly you need to do now to construct efficient and effective DevSecOps for your company.
Security is now an essential, not optional, ingredient in software development. Learn how best to work it into the process.