CONCEPT

DevSecOps

What it is

The term DevSecOps refers to a cultural merger of development, operational, and security responsibilities. It extends the DevOps approach to include security priorities with minimal to no disruption to the developer and operational workflow. Like DevOps, DevSecOps is a cultural shift, pushed by the technologies adopted, with unique adoption methods.

Problem it addresses

DevOps practices, which include continuous integration and continuous deployment, accelerate application development and release cycles. Unfortunately, automated release processes that fail to represent all organizational stakeholders adequately can exacerbate existing issues. A process that rapidly releases new software without considering security needs can degrade an organization's security posture.

How it helps

DevSecOps focuses on breaking down team silos and promotes the creation of secure, automated workflows. When selecting security applications, organizations must take advantage of automated CI/CD workflows and policy enforcement that empower the developer. The goal is not to be a blocker but to enforce security policies while giving users accurate information on how to move their project forward. When properly implemented, an organization will gain better team communication and reduce security mishaps and associated costs.


Last modified October 5, 2021: Help docs refactor (#235) (b30f6c4)