Introduction to DevSecOps Concepts
What is DevSecOps?
DevSecOps is the integration of security into emerging agile IT and DevOps development as seamlessly and as transparently as possible. Ideally, this is done without reducing the agility or speed of developers or requiring them to leave their development toolchain environment. — by Gartner
Before discussing why DevSecOps should be implemented, this article gives a brief overview of traditional security and where it sits in the DevOps cycle.
Traditional Security
Traditional security relies on manual checks, vulnerability detection, approvals, and controls. The DevOps cycle has the following stages: Plan, Build, Test, Deploy, Operate, and Monitor. In the traditional model, security is applied only once the code is already in production. Leaving security to the final stages causes many problems, which are discussed further in this article.
Why should I even worry about this?
- Cope with the speed of DevOps development
Modern systems are built with cloud-native technologies, microservices, and infrastructure provisioned as code (IaC) in the cloud, following the DevOps approach. Traditional security is slow and cannot keep up with the speed of DevOps. With the DevSecOps approach, security is integrated into every stage, from Plan through to Monitor.