DevSecOps

An approach that integrates security practices into every phase of the software development lifecycle, making security a shared responsibility across development and operations teams.

Also known as: Secure DevOps, DevOps Security

What is DevSecOps?

DevSecOps (Development, Security, and Operations) is the philosophy of integrating security practices within the DevOps process. It creates a culture where security is a shared responsibility, built into the software development lifecycle from the start rather than added at the end.

Core Principles

Shift Left: Move security activities earlier in the development process, where findings are cheapest to fix.

Automation: Automate security testing and controls so they run on every change, not only before a release.

Shared Responsibility: Everyone owns security, not just a central security team.

Continuous Improvement: Measure and iterate on security posture rather than treating it as a one-time gate.

DevSecOps Pipeline

Plan

  • Threat modeling
  • Security requirements
  • Risk assessment

Code

  • Secure coding training
  • IDE security plugins
  • Pre-commit hooks

Build

  • SAST (Static Analysis)
  • Dependency scanning
  • Secret detection

Test

  • DAST (Dynamic Analysis)
  • Security testing
  • Penetration testing

Release

  • Container scanning
  • Configuration validation
  • Compliance checks

Deploy

  • Infrastructure as Code security
  • Deployment verification
  • Environment hardening

Operate

  • Runtime protection
  • Monitoring and logging
  • Incident response

Monitor

  • Vulnerability management
  • Threat detection
  • Security metrics
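The Code and Build stages above list pre-commit hooks and secret detection without showing what such a check does. The following is an added example, not code from the original page or from any of the tools named on it: a minimal pre-commit hook in Python that scans only the added lines of a unified diff (as produced by `git diff --cached`) for credential patterns and for high-entropy tokens, honouring an inline allowlist marker for reviewed false positives. The sample diff, the pattern set, the entropy threshold and the `pragma: allowlist secret` marker (a convention borrowed from detect-secrets) are assumptions made for this illustration; real tools ship far larger rule sets.

```python
"""Pre-commit secret detector over the added lines of a unified diff.

Added example (not from the original page). Two checks that hooks such as
gitleaks or detect-secrets also perform: fixed patterns for credential formats
with a recognisable shape, and a Shannon-entropy heuristic for opaque tokens.
"""
import math
import re
import sys
from dataclasses import dataclass

# Rule set is an assumption for this example; the AWS example key below is
# the one AWS itself uses in documentation, not a live credential.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic-assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]([^'\"\s]{12,})['\"]"
    ),
}
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")  # opaque base64/hex-ish runs
ENTROPY_THRESHOLD = 4.0  # bits per character; assumption, tune per repository
ALLOWLIST_MARKER = "pragma: allowlist secret"  # detect-secrets convention


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass(frozen=True)
class Finding:
    path: str
    line: int   # line number in the new version of the file
    rule: str
    snippet: str


def scan_diff(diff: str) -> list[Finding]:
    """Return findings for added lines only; deletions and headers are skipped."""
    findings: list[Finding] = []
    path, lineno = "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            continue
        if raw.startswith(("--- ", "diff ", "index ", "\\")):
            continue
        m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
        if m:
            lineno = int(m.group(1)) - 1  # next '+' or context line is this number
            continue
        if raw.startswith("-"):
            continue  # a deletion cannot introduce a secret
        lineno += 1  # context and added lines both exist in the new file
        if not raw.startswith("+"):
            continue
        line = raw[1:]
        if ALLOWLIST_MARKER in line:
            continue  # explicitly reviewed false positive (hashes, test vectors)
        hit = next((rule for rule, pat in PATTERNS.items() if pat.search(line)), None)
        if hit:
            findings.append(Finding(path, lineno, hit, line.strip()))
            continue
        for tok in CANDIDATE.findall(line):
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high-entropy-string", tok))
                break
    return findings


# Constructed diff for illustration; values are placeholders, not real secrets.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,2 +1,6 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_KEY = "k8Qz2vLm9XpR4tWn7bYc3HdF6jGs1AeU"
+DEFAULT_SIGNING_SEED = "g7Hq2ZxLp9VbN4mTcY8rWk3AdS6fJe1U"
+TEST_VECTOR = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+DIGEST = "sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"  # pragma: allowlist secret
"""


def main() -> int:
    # Usage as a hook: git diff --cached | python secret_hook.py
    diff = SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read()
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line}: {f.rule}: {f.snippet}")
    return 1 if findings else 0  # non-zero exit blocks the commit


if __name__ == "__main__":
    sys.exit(main())
```

Two design points matter in practice. Scanning only added lines keeps the hook fast and stops it re-reporting secrets that are already in history (those need rotation, not a blocked commit). The allowlist marker and the entropy floor are what keep the hook tolerable: without them, lockfile hashes and test vectors generate enough noise that developers start bypassing the hook with `--no-verify`.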

Tools by Category

SAST: SonarQube, Checkmarx, Semgrep

DAST: OWASP ZAP, Burp Suite

SCA: Snyk, Dependabot, FOSSA

Secrets: GitLeaks, TruffleHog

Container: Trivy, Aqua, Prisma Cloud
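Listing scanners says nothing about what the pipeline does with their output, which is where most DevSecOps rollouts stall. The following is an added example, not code from the original page or from any of the tools named above: a release-stage gate in Python that consumes a container/dependency scan report, blocks on fixable findings at or above a severity threshold, reports unfixed ones without blocking, honours time-boxed risk acceptances, and returns the per-severity counts you would track as a security metric. The report is constructed here and only loosely shaped like Trivy's JSON output (the field names `Results`, `Vulnerabilities`, `VulnerabilityID`, `Severity`, `FixedVersion` are an assumption; check your scanner's real schema), and the identifiers are placeholders, not real CVEs.

```python
"""Release gate over a scanner report: fail the pipeline on fixable findings
at or above a severity threshold, with expiring risk acceptances.

Added example (not from the original page). REPORT and EXCEPTIONS are
constructed; the JSON shape is an assumption modelled loosely on Trivy.
"""
import json
from collections import Counter
from dataclasses import dataclass, field
from datetime import date

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed report; the vulnerability IDs are placeholders, not real CVEs.
REPORT = json.loads("""
{"Results": [
  {"Target": "registry.example/app:1.2.3 (alpine 3.19)",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libcrypto3", "Severity": "CRITICAL",
      "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.4-r0"},
     {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "Severity": "HIGH",
      "InstalledVersion": "1.36.1-r0", "FixedVersion": ""},
     {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib", "Severity": "MEDIUM",
      "InstalledVersion": "1.3-r0", "FixedVersion": "1.3.1-r0"}]},
  {"Target": "app/requirements.txt",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-0000-0004", "PkgName": "requests", "Severity": "HIGH",
      "InstalledVersion": "2.30.0", "FixedVersion": "2.31.0"},
     {"VulnerabilityID": "CVE-0000-0005", "PkgName": "jinja2", "Severity": "HIGH",
      "InstalledVersion": "3.1.2", "FixedVersion": "3.1.3"}]}
]}
""")

# Risk acceptances: vulnerability ID -> expiry date (constructed). An expired
# acceptance stops suppressing, so accepted risk is revisited, not forgotten.
EXCEPTIONS = {"CVE-0000-0004": date(2099, 1, 1), "CVE-0000-0005": date(2020, 1, 1)}


@dataclass
class GateResult:
    passed: bool
    blocking: list = field(default_factory=list)    # fixable, at/above threshold
    unfixed: list = field(default_factory=list)     # at/above threshold, no fix yet
    suppressed: list = field(default_factory=list)  # covered by a live acceptance
    counts: Counter = field(default_factory=Counter)  # all findings by severity


def evaluate(report, fail_on="HIGH", ignore_unfixed=True, exceptions=None, today=None):
    """Apply the gate policy to a parsed report and return a GateResult."""
    exceptions = exceptions if exceptions is not None else {}
    today = today or date.today()
    threshold = SEVERITY_RANK[fail_on]
    result = GateResult(passed=True)
    for res in report.get("Results", []):
        target = res.get("Target", "?")
        # Key may be absent when a target has no findings, hence the `or []`.
        for v in res.get("Vulnerabilities") or []:
            sev = (v.get("Severity") or "UNKNOWN").upper()
            vid, pkg = v.get("VulnerabilityID"), v.get("PkgName")
            fix = v.get("FixedVersion") or None
            result.counts[sev] += 1
            if SEVERITY_RANK.get(sev, 0) < threshold:
                continue
            entry = (target, vid, pkg, sev, fix)
            expiry = exceptions.get(vid)
            if expiry is not None and expiry >= today:
                result.suppressed.append(entry)
            elif fix is None and ignore_unfixed:
                result.unfixed.append(entry)
            else:
                result.blocking.append(entry)
    result.passed = not result.blocking
    return result


def main() -> int:
    r = evaluate(REPORT, exceptions=EXCEPTIONS)
    print("findings by severity:", dict(r.counts))
    for label, items in (("BLOCKING", r.blocking), ("unfixed", r.unfixed), ("accepted", r.suppressed)):
        for target, vid, pkg, sev, fix in items:
            print(f"{label:8} {sev:8} {vid} {pkg} in {target} (fix: {fix or 'none'})")
    return 0 if r.passed else 1  # non-zero exit fails the release job


if __name__ == "__main__":
    raise SystemExit(main())
```

The split between blocking, unfixed and accepted is deliberate: a gate that fails on findings nobody can fix trains teams to disable it, while one that never expires an acceptance turns the exceptions file into a permanent blind spot. The counts returned alongside the verdict are the raw material for the trend metrics the Monitor stage calls for.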