DevSecOps Intro

In this article, I will explain what DevSecOps is, how it is changing the software industry, and how we can adopt it and measure the progress of that adoption.

What is DevSecOps?

DevSecOps is a portmanteau of development, security, and operations. Its guiding principle is that everyone is accountable for security, with the goal of making security decisions and taking security actions at the same scale and speed as development and operations decisions and actions.

Every firm that uses a DevOps model should strive to adopt a DevSecOps mindset and bring staff of all skill levels and across all technical disciplines to a higher degree of security competency. A DevSecOps architecture that employs DevSecOps tooling builds security into applications rather than bolting it on hastily afterwards, from testing for potential security vulnerabilities to designing business-driven security services.

When security is present at every stage of the software delivery lifecycle, the cost of compliance is minimized and software is developed and released faster, because security defects are caught in the same continuous integration loop that catches functional defects instead of in a late audit.

Why DevSecOps?

Over the last decade, the IT infrastructure landscape has changed at an exponential rate. The transition to flexible cloud computing platforms, shared storage and data, and dynamic applications has resulted in significant benefits for enterprises seeking to flourish and expand via the usage of innovative apps and services.

However, while DevOps has advanced applications in terms of speed, scalability, and functionality, it frequently falls short in terms of solid security and compliance. DevSecOps was therefore brought into the software development lifecycle to unify development, operations, and security.

How DevSecOps?

A common DevSecOps workflow looks like this:

  1. Code is committed to a version control system, and the build is produced from that source.
  2. A different team member reviews the changes for security flaws, general code quality, and potential bugs.
  3. The application is deployed to a test environment with its security configuration and controls in place.
  4. Automation is used to test the back end, user interface, integrations, and security of the application.
  5. The application is promoted to the production environment only if it passes the tests.
  6. Monitoring and security tooling watch the application in the production environment.
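The promotion decision in step 5 is where this workflow becomes concrete: the pipeline has to turn the scanner output from step 4 into a pass/fail verdict. The following Python is an added example, not code from the article or from any CI product. It assumes a hypothetical JSON findings format and a hand-maintained risk-acceptance list, and shows two details a practitioner will want in such a gate: findings with a severity the policy does not recognise fail closed rather than being ignored, and accepted risks carry an expiry date so temporary exceptions cannot silently become permanent.

```python
"""Pipeline security gate for the promotion step of a DevSecOps workflow.

Added illustration, not the article's code or any CI product's. It reads
scanner findings, applies a severity policy plus an explicit, time-boxed
risk-acceptance list, and reports whether the build may be promoted.
The JSON shape is a hypothetical generic export, not a real tool's schema.
"""
import json
from datetime import date

# Constructed sample scanner output (hypothetical format, for the demo only).
SAMPLE_FINDINGS = json.dumps([
    {"id": "SAST-001", "severity": "HIGH", "rule": "sql-injection",
     "location": "app/db.py:42"},
    {"id": "DEP-017", "severity": "CRITICAL", "rule": "vulnerable-dependency",
     "location": "example-lib 1.2.3"},
    {"id": "SAST-009", "severity": "LOW", "rule": "debug-flag-enabled",
     "location": "app/settings.py:7"},
    {"id": "SEC-003", "severity": "HIGH", "rule": "hardcoded-secret",
     "location": "tests/fixtures.py:3"},
    {"id": "SAST-011", "severity": "UNKNOWN", "rule": "new-rule",
     "location": "app/api.py:88"},
])

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Risk acceptances are explicit, owned and time-boxed (constructed entries).
# An acceptance past its expiry date no longer waives the finding.
ACCEPTED_RISKS = {
    "SEC-003": {"reason": "test fixture, not a live credential",
                "owner": "appsec", "expires": "2099-12-31"},
    "DEP-017": {"reason": "waiting for upstream patch",
                "owner": "platform", "expires": "2023-06-30"},
}


def evaluate_gate(findings_json, fail_at="HIGH", accepted=ACCEPTED_RISKS, today=None):
    """Return a dict with 'passed', 'blocking' and 'waived' finding ids.

    fail_at is the lowest severity that blocks promotion. A finding whose
    severity the policy does not know is treated as blocking (fail closed).
    today may be a date or an ISO string; it defaults to the current date.
    """
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    threshold = SEVERITY_RANK[fail_at]
    blocking, waived = [], []
    for f in json.loads(findings_json):
        # Unknown severity maps to the threshold itself, so it blocks.
        rank = SEVERITY_RANK.get(str(f.get("severity", "")).upper(), threshold)
        if rank < threshold:
            continue  # below policy threshold: reported, not blocking
        waiver = accepted.get(f["id"])
        if waiver and date.fromisoformat(waiver["expires"]) >= today:
            waived.append(f["id"])
            continue
        blocking.append(f["id"])
    return {"passed": not blocking, "blocking": blocking, "waived": waived}


if __name__ == "__main__":
    result = evaluate_gate(SAMPLE_FINDINGS, today="2024-01-01")
    for fid in result["waived"]:
        print(f"waived   {fid}: {ACCEPTED_RISKS[fid]['reason']}")
    for fid in result["blocking"]:
        print(f"BLOCKING {fid}")
    print("gate:", "PASS" if result["passed"] else "FAIL")
    raise SystemExit(0 if result["passed"] else 1)
```

Run it as a pipeline step and let the non-zero exit status stop promotion. In a real pipeline the findings file is the merged output of the SAST, dependency and secret scanners from step 4, and the acceptance list lives in version control next to the code so that every waiver is reviewed like any other change.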

In the next tutorial we will look at how a framework can help us measure this.

Cheers and Happy Building 🤘

Avinash Erupaka

I am a technology leader with experience driving all aspects of technology transformation, from strategy to future-state architecture. For the last 10 years I have worked for major corporations building B2B, B2C and internal platforms. I have worked in the capacity of senior dev, tech lead and platform architect, with hands-on experience driving technology strategy that enables business strategy. My expertise is in disciplines like distributed cloud architectures, data engineering and analytics, web and mobile application development, IoT, automation, security by design, and agile/DevSecOps practices. I love managing teams and solving complex problems. I love tech, teaching, traveling, and fitness-level boxing. I have proficiency with tools like React.js, Redux, Bootstrap and Material Design for the front end, and Node.js, Scala, Clojure and Java for the back end. I leverage the AWS, GCP, Azure and OCI cloud platforms and I am a Multi Cloud Certified Architect. Opinions are my own and not the views of my employer.