DevSecOps‎ > ‎

What is DevSecOps?

posted Jan 17, 2022, 1:32 AM by Sachchida Ojha   [ updated Jan 18, 2022, 3:17 PM ]

The term DevSecOps is used to describe a security focused, continuous delivery, software development life cycle (SDLC). DevSecOps builds on the learnings and best practices of general DevOps. The application of DevOps values to software security means that security verification becomes an active, integrated part of the development process. Traditionally, and often times unfortunately, security has been treated as a secondary system. InfoSec often engages with development teams towards the end of the SDLC. Noble as their intentions are, it can be frustrating to discover security vulnerabilities at the end of the SDLC.

DevSecOps promotes traditional security engagement to an active process of the SDLC. General DevOps has introduced processes like continuous integration (CI) and continuous delivery (CD). These processes ensure the active testing and verification of code correctness during the agile development process. Similarly, DevSecOps injects active security audits and penetration testing into agile development. DevSecOps advocates that security should be built into the product, rather than applied to a finished product.