DevSecOps as an extension of DevOps

A couple of months ago we heard about Docker and vulnerabilities found in some of their images. It’s easy to imagine what could happen if one of our applications were running on one of those images.

Sometimes inexperience or delivery deadlines lead us to use one of the images available on Docker’s site, but do we really know what we are using? Sometimes it comes down to a matter of faith. With the right tools, though, we could stop worrying about that kind of issue, or at least have a way to detect whether our image has suffered a leak or is exposing us to a vulnerability.

DevSecOps is the natural extension of the DevOps and Agile cultures to incorporate Security as the main concern. Its essential goal can be defined as “Incorporate security awareness in the whole value delivery pipeline, from ideation to implementation to delivery and monitoring”. As with the DevOps and Agile movements, this goal is interpreted and implemented as leanly as possible, minimizing bureaucracy and maximizing the value delivered to the clients.

As our world becomes more and more information-based, the security of our customers’ information is increasingly valuable. How we take care of our customers’ information can be a competitive advantage or take us out of business (see this article). CEOs and founders are eager to pay 20% more AND change providers if that grants a higher level of cyber-security, according to a very recent study by Continuum.

According to this Cybersecurity Ventures report, a ransomware attack will be carried out on a company every 14 seconds in 2019, which represents an economic cost of almost 11.5 billion dollars for the companies.
