DevSecOps — Is this a real thing or just another IT buzzword?

DevSecOps — Is this a real thing or just another IT buzzword?

I have been thinking about this for quite sometimes. DevSecOps has been in discussion for about two to three years but I have not seen a full adoption of these principles in all the customers that I have been dealing with. I started to ask myself if DevSecOps adoption is really possible to implement and what are the challenges of introducing these principles to application development and operational decisions and actions.

Foreword:

I have been thinking about this for quite sometimes. DevSecOps has been in discussion for about two to three years but I have not seen a full adoption of these principles in all the customers that I have been dealing with. I started to ask myself if DevSecOps adoption is really possible to implement and what are the challenges of introducing these principles to application development and operational decisions and actions.

This argument is written based on containerization adoption in mind.

Part 2 of this series is here

What is DevSecOps?

DevSecOps — is to make everyone accountable for security with the objective of implementing security decisions and actions at the same scale and speed as development and operations decisions and actions.

Why DevSecOps?

Understanding why an enterprise needs DevSecOps is an important question to answer first. To help us answer this question we need to understand what are the triggers that introduce this methodology to us.

If you think about it, the triggers are the following:

  • Cloud
  • DevOps
  • Open Source Software innovation explosion
  • Containers/Microservices
  • Digital transformation

All of these are needed to enable agility and speed in devs and Ops. But this also introduces new threats and risks. In most cases, the traditional security approach is not enough to handle these threats.

agile devops ci-cd-pipeline containers devsecops

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

How To Setup a CI/CD Pipeline With Kubernetes 2020 - DZone DevOps

This article gives direction to getting your CI/CD pipeline up and running on the Kubernetes cluster by the GitLab CICD pipeline.

Kick-Off Your Agile Team With A Working Agreement Workshop

In this article, I will discuss how I adapted Avi’s original canvas to the needs of the teams I was coaching, elaborate on the different elements of a working agreement, and share with you a step-by-step guide to facilitating collaborative working agreement development workshops.

Serverless CI/CD on the AWS Cloud

To set up a serverless CI/CD pipeline in your AWS environments, there are several key services that you need to use. Find out more here.

Ever Wondered Why We Use Containers In DevOps?

At some point we've all said the words, "But it works on my machine." It usually happens during testing or when you're trying to get a new project set up. Sometimes it happens when you pull down changes from an updated branch.

CI/CD Pipeline with Azure DevOps for Data Science project.

CI/CD Pipeline with Azure DevOps for Data Science project.: A CI/CD Pipeline implementation, or Continuous Integration/Continuous Deployment for Data science.