Did you ever wonder what is the magical DevSecOps? It connects developers, security, and operations in one cooperative team. DevSecOps like DevOps is a methodology and cultural aspect of development and innovation.
DevOps tooling like Software composition analysis, SAST, DAST, IAST, and Runtime application protection baked in CI/CD developed by engineering with M-shaped skills make the real DevSecOps culture.
Cloud security automation like IaC deployments and scanning of IaC is a big part of today's practices. All of that goes hand in hand with SBOM (Software bill of materials) and IBOM (Infrastructure bill of materials)
A necessary part of DevSecOps is learning and automation. Especially scaled learning from each other in between the teams.
Resources used in the video :
cloudsecuritya...
digital.ai/dev... - DevOps periodical table
dsomm.timo-pag... - DevSecOps maturity model.
My own infographics for explaining the important matter.
github.com/sot... - DevSecOps tooling library
aws.amazon.com...
---
Author: Marek Šottl
Web: www.sottlmarek...
Twitter: / sottlmarek
Connect with me: / mareksottl
Subscribe: / @hackitectsplayground
Негізгі бет What is DevSecOps?
Пікірлер: 6