Introduction to Devsecops

During this webinar, we covered following:

• Why do we need DevSecOps?
• How do we implement DevSecOps?
• Integrating security in your DevOps pipeline
• Popular tools for DevSecOps
• Some implementation examples
• Benefits of DevSecOps

Why we need DevSecOps?

Be it any industry – healthcare, banking, social media, etc. security is of prime importance. Breaches and data leaks are detrimental to businesses. In DevOps, our goal is to deploy the tested application into production in an automated way. Security review should take place only at a later stage when the application is pushed into production or afterwards. Security is not inherently part of the DevOps pipeline.

Applications nowadays have evolved into micro-services, which spawn more services and exchange information between them. Each touchpoint is a potential target for hackers. So, we must carry out a security review and verify all these touchpoints. Security review must look out for vulnerabilities, outdated 3rd party libraries, licensing issues, sensitive data leakage, vulnerable docker images, misconfigurations of KS8, etc.

Instead of focusing on security after the DevOps, the key is making security checks part of the development process. Baking security into your applications from the beginning has advantages over waiting for security review until the final stages of the delivery. The obvious advantage of doing this is that you get to identify and resolve potential vulnerabilities on time. And the earlier you find any bugs, the cheaper it will be for you to fix them.

Please watch the full webinar to get the detailed understanding of DevSecOps.