0x00 Preface
SDL targets the waterfall development model, while DevSecOps is adapted to the agile development process, which is often referred to as DevOps. This article is an overview of DevSecOps.
0x01 DevSecOps Basics
DevSecOps is a concept proposed by Gartner in 2012. Its main purpose is to embed security into various DevOps processes.
1. Advantages
- Faster delivery
- Lower costs
- Controlled risk
2. Difficulties
- Security knowledge is not widespread
- Lack of leadership support
3. Ultimate purpose
The ultimate goal of DevSecOps is to introduce a framework that resolves the tension between rapid delivery and confidence in security.
4. Guiding Principles
- Shift security left
- Secure by default
- Runtime security
- Security service automation/autonomy
- Leverage continuous integration and delivery (CI/CD)
- Organization and culture building
0x02 DevSecOps process
1. Main process
The main process follows the figure below (the image itself is not included on this page); its stages are:
- Plan
- Create
- Verify
- Reborn
- Prevent
- Detect
- Respond
- Predict
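To make the guiding principles (shift security left, secure by default, security service automation) and the Create/Verify stages of the cycle above concrete, here is an added example of an automated pipeline security gate. It is not code from the original article or from Gartner; the scanner report schema (a JSON list of objects with `tool`, `severity`, `rule`, `location`), the `SEVERITY_RANK` ordering, the policy shape and every sample finding are constructed assumptions for illustration.

```python
import json
from dataclasses import dataclass

# Severity ordering used by the gate; "critical" is the most severe.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    tool: str       # hypothetical scanner name, e.g. "sast", "deps", "secrets"
    severity: str   # normalised to one of SEVERITY_RANK's keys
    rule: str       # scanner rule id (constructed values below)
    location: str   # file:line or package@version


# Secure-by-default policy: block on "high" or worse, allow nothing unless
# a reviewer explicitly adds a rule id to the allowlist.
DEFAULT_POLICY = {"block_at": "high", "allowlist": frozenset()}


def parse_findings(raw_json: str) -> list[Finding]:
    """Normalise one scanner's JSON report (assumed schema: list of objects
    with tool/severity/rule/location). Unknown or missing severities are
    treated as "high" so that a malformed report cannot silently pass."""
    findings = []
    for item in json.loads(raw_json):
        sev = str(item.get("severity", "")).lower()
        if sev not in SEVERITY_RANK:
            sev = "high"
        findings.append(Finding(item["tool"], sev, item["rule"], item.get("location", "?")))
    return findings


def evaluate(findings: list[Finding], policy: dict = DEFAULT_POLICY) -> dict:
    """Apply the policy: any non-allowlisted finding at or above the
    block_at threshold fails the gate. Returns a summary the pipeline
    can log and act on."""
    threshold = SEVERITY_RANK[policy["block_at"]]
    blocking = [
        f for f in findings
        if SEVERITY_RANK[f.severity] >= threshold and f.rule not in policy["allowlist"]
    ]
    return {"passed": not blocking, "blocking": blocking, "total": len(findings)}


def run_gate(stage: str, reports: list[str], policy: dict = DEFAULT_POLICY) -> dict:
    """Gate one pipeline stage ("create" or "verify" in the cycle above) over
    all scanner reports produced in that stage. Running the gate at Create
    (SAST, secret scan) rather than only before release is the shift-left part."""
    findings = [f for r in reports for f in parse_findings(r)]
    result = evaluate(findings, policy)
    result["stage"] = stage
    return result


# Constructed sample reports; they are not output from any real tool.
SAMPLE_SAST = json.dumps([
    {"tool": "sast", "severity": "medium", "rule": "SQLI-001", "location": "app/db.py:42"},
    {"tool": "sast", "severity": "low", "rule": "LOG-003", "location": "app/log.py:7"},
])
SAMPLE_SECRETS = json.dumps([
    {"tool": "secrets", "severity": "critical", "rule": "CLOUD-KEY", "location": "config/dev.env:3"},
])
SAMPLE_DEPS = json.dumps([
    {"tool": "deps", "severity": "HIGH", "rule": "PLACEHOLDER-VULN-ID", "location": "examplelib@1.2.3"},
    {"tool": "deps", "severity": "weird", "rule": "DEP-UNKNOWN", "location": "helper-util@0.9.0"},
])

if __name__ == "__main__":
    for stage, reports in (("create", [SAMPLE_SAST, SAMPLE_SECRETS]), ("verify", [SAMPLE_DEPS])):
        r = run_gate(stage, reports)
        print(stage, "PASS" if r["passed"] else "FAIL", [(f.tool, f.rule) for f in r["blocking"]])
```

The design choice worth noting is the failure mode: an unrecognised severity, a missing field, or an empty allowlist all push the gate toward blocking, so a broken scanner integration surfaces as a red build instead of a quiet pass. Exceptions are recorded per rule id in the allowlist, which keeps them reviewable in version control alongside the code they apply to.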