DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’» is a community of 966,904 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create account Log in
Cover image for Getting started with DevSecOps
Vanshika Srivastava
Vanshika Srivastava

Posted on

Getting started with DevSecOps

You might have heard a lot about DevOps, but what do you know about DevsecOps ?

Well in this blog, I am going to introduce this term and why we need to focus on DevSecOps as a key function.

What is DevSecOps?

DevSecOps stands for Developer, Security and Operations. DevSecOps can be taken as DevOps process but with a security layer.

If we go by looking at the traditional DevOps model - the security process is almost absent but usually executed post-deployment which is not a very good idea for any kind of tool/application or project. DevOps revolves around three pillars - People, Product and Processes (as quoted by - Donavan Brown) but when we talk about DevSecOps, we apply security techniques to all these three components.

β€œThe purpose and intent of DevSecOps is to build on the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required,” describes Shannon Lietz, co-author of the β€œDevSecOps Manifesto.”

Image credits : Blog.mastek.com

DevSecOps is different from DevOps in the following ways -

  • Continuous Integration, delivery and deployment to make sure security testing is regular and automated before the application is pushed to production.

  • Application built like microservice

  • Infrastructure as Code - planning, designing, implementing and managing app infrastructure through code

Features of introducing DevSecOps-

  • Observability
  • Traceability
  • Compliance
  • Confidence

Following the Shift Left Trend :

The earlier you run the security,
the better for your team, product and costs.
You don’t want your developers to work again
on the code base and other issues post-deployment.
This means, the engineers work on
security issues parallelly to working on the product.
Enter fullscreen mode Exit fullscreen mode

Some tips that can make your security operations better when your application is under development -

  • Make security part of backlog or sprint activity
  • Assume breaches - progressively expose them to engineering teams so that vulnerabilities can be identified and fixed.

DevSecOps practices reduce the time to patch vulnerabilities and free up security teams to focus on priority work. As a process, they also ensure and simplify compliance, saving application development projects from having to be retrofitted for security.

There’s no doubt that DevSecOps revolutionizes the way organizations handle security for applications. However, due to a variety of reasonsβ€”such as a lack of awareness of what DevSecOps is, there might be a shift in interests.

What’s next ?

After exploring DevOps, I am working on learning more about DevSecOps. Here is an open source tool for the same - BoxyHQ

Find Github : github.com/boxyhq
Join the BoxyHQ Discord Community here

Top comments (0)

🌚 Browsing with dark mode makes you a better developer.

It's a scientific fact.