Welcome to Scribd!

Skip carousel

DevSecOps Notes

Uploaded by

sandeep darla

0% found this document useful (0 votes)

21 views2 pages

Devops Notes

Original Title

DevSecOps_Notes

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Devops Notes

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

21 views2 pages

DevSecOps Notes

Uploaded by

sandeep darla

Devops Notes

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

What is DevSecOps?

Is basically a security enabled DevOps. It is an early integration of security culture, tools and
practices into each phase of development and operations process

Implementing Shift Left approach

Plan  Code Build Deploy  Monitor and Operate

The whole emphasis is about how to bring security as part of Dev Sec Ops.

In short to say bring Dev Security and operations teams together and bringing the culture and
mindset for developers to have security first when they develop the code. To bring security to bring
from far right of the pipeline to let of the pipeline (Meaning to bring security to the initial stage of
SDLC).

The developer can fix the vulnerabilities much earlier with very minimal cost.

1. Install IDE security tools plugin (Greenlight in Veracode, Code sight)

2. Push the code to Source code repository (GitHub, TFS)
3. Build Trigger. We will create a job in Jenkins to pull the code from SCM and store it in local
server.
4. We will integrate the SCA tool (Fortify, Veracode) to Jenkins and initiate the static scans.
5. Check for vulnerabilities report and push the code to QA or Dev env.
6. After successful post build. Now integrate the DAST tool to scan the URL or API of the given
application.

Advantages of DevSecOps

 Spot Vulnerabilities and Bugs early.

 Leverage usage of Open Source components
 Save Costs on resource Management
 Making developers security aware

Pre build – We perform SAST

Post Build – We perform DAST

Important tool of DevSecOps is CICD (Continuous integration and Continuous Delivery) solution.
Plan and develop – capability that allows user stories, planning sprints and coding, source code
repository GitHub.

Build

Shift Left Approach

Plan  Code Build Deploy  Monitor and Operate

The whole emphasis is about how to bring security as part of Dev Sec Ops.

The developer can fix the vulnerabilities much earlier with very minimal cost.

The main concept is to automate the whole pipeline with security integration.

Two main terms SAST & DAST

DevSecOps Presentation
Document20 pages
DevSecOps Presentation
cheenu
100% (4)
DevSecOps Reading
Document3 pages
DevSecOps Reading
sajedox190
No ratings yet
Dev Ops
Document37 pages
Dev Ops
Zlatko Pažin
No ratings yet
Mastering Swift Package Manager: Build and Test Modular Apps Using Xcode
From Everand
Mastering Swift Package Manager: Build and Test Modular Apps Using Xcode
Avi Tsadok
No ratings yet
Ebook DevSecOps
Document13 pages
Ebook DevSecOps
littlestone90
No ratings yet
Security Expertise in Dev Sec Ops
Document5 pages
Security Expertise in Dev Sec Ops
shanthi rajesh
No ratings yet
Deploying DevSecOps With Scalability in Mind
Document18 pages
Deploying DevSecOps With Scalability in Mind
zeeh2005
No ratings yet
Shrivastava DevSecOps What Why and How
Document50 pages
Shrivastava DevSecOps What Why and How
Kalq
No ratings yet
DevOps & DevSecOps - Overview
Document10 pages
DevOps & DevSecOps - Overview
Victor
No ratings yet
10 Things To Get Right For Successful DevSecOps
Document12 pages
10 Things To Get Right For Successful DevSecOps
Mohammed Ahmed
No ratings yet
Devsecops Notes!: Agile Application Security Book
Document3 pages
Devsecops Notes!: Agile Application Security Book
mundr
No ratings yet
ECDE Brochure
Document13 pages
ECDE Brochure
Manuela Marinescu
No ratings yet
DevSecOps Professional Datasheet v1.5 Detailed
Document7 pages
DevSecOps Professional Datasheet v1.5 Detailed
dono
No ratings yet
DevSecOps Caretcloud Brochure
Document9 pages
DevSecOps Caretcloud Brochure
Phani Mathangi
No ratings yet
Implementing DevSecOps with Docker and Kubernetes: An Experiential Guide to Operate in the DevOps Environment for Securing and Monitoring Container Applications
From Everand
Implementing DevSecOps with Docker and Kubernetes: An Experiential Guide to Operate in the DevOps Environment for Securing and Monitoring Container Applications
José Manuel Ortega Candel
No ratings yet
WP Build Security SDLC Coverity
Document14 pages
WP Build Security SDLC Coverity
andi susanto
No ratings yet
DevSecOps Lecture Day1 Presentation
Document8 pages
DevSecOps Lecture Day1 Presentation
Sudipta Kr Banerji
No ratings yet
DevOps Reading
Document4 pages
DevOps Reading
sajedox190
No ratings yet
Wind River CI CD Ebook v5b
Document21 pages
Wind River CI CD Ebook v5b
Vinay Venkatesh
No ratings yet
GitHub Ebook Built in Security Demo Day Promo
Document22 pages
GitHub Ebook Built in Security Demo Day Promo
Chloé O Bryan
No ratings yet
DevOps Vs DevSecOps Everything You Need To Know!
Document9 pages
DevOps Vs DevSecOps Everything You Need To Know!
Nife Labs
No ratings yet
IT Part Prep
Document8 pages
IT Part Prep
Bhanu Pratap
No ratings yet
Rahul Kalva Hyderabad - Secunderabad 10.00 Yrs
Document4 pages
Rahul Kalva Hyderabad - Secunderabad 10.00 Yrs
Beena Singh
No ratings yet
SDLC Stages Devops
Document3 pages
SDLC Stages Devops
Omkar N Srivastava Official
No ratings yet
How To Become A Successful DevOps Engineer
Document5 pages
How To Become A Successful DevOps Engineer
David Massiha
No ratings yet
Implementing Cloud Native Security: Shift-Left To Increase Effectiveness
Document7 pages
Implementing Cloud Native Security: Shift-Left To Increase Effectiveness
范先生
No ratings yet
Career Summary: Rajesh Kumar Principle Architect Devops, Devsecops, Sre & Microservices
Document6 pages
Career Summary: Rajesh Kumar Principle Architect Devops, Devsecops, Sre & Microservices
Sandip Sahu
No ratings yet
5 Steps To Designing An Embedded Software Architecture, Step 1
Document4 pages
5 Steps To Designing An Embedded Software Architecture, Step 1
sclu2000
No ratings yet
Visual Studio Code Distilled: Evolved Code Editing for Windows, macOS, and Linux
From Everand
Visual Studio Code Distilled: Evolved Code Editing for Windows, macOS, and Linux
Alessandro Del Sole
Rating: 3 out of 5 stars
3/5 (1)
Devops Road Map To Success
Document4 pages
Devops Road Map To Success
Omkar N Srivastava Official
No ratings yet
DevOps Beginners to Advanced with Projects
From Everand
DevOps Beginners to Advanced with Projects
Adil Khan
No ratings yet
Week 12 Session 3
Document19 pages
Week 12 Session 3
Ms
No ratings yet
Unit-2-CI CD & Docker PDF
Document22 pages
Unit-2-CI CD & Docker PDF
Divyanshi Sharma
No ratings yet
Devsecops Security Checklist
Document18 pages
Devsecops Security Checklist
Digambar S Tatkare
No ratings yet
Coding - Overview
Document2 pages
Coding - Overview
Apuroopa Harshini
No ratings yet
8 Patterns of Secure Sgile Teams Whitepaper
Document3 pages
8 Patterns of Secure Sgile Teams Whitepaper
Kevin
No ratings yet
Eb Transforming Appsec
Document9 pages
Eb Transforming Appsec
Kate Rich
No ratings yet
Suresh M - 21547769
Document6 pages
Suresh M - 21547769
Sunil
No ratings yet
DevOps From The Trenches Lessons Learned
Document18 pages
DevOps From The Trenches Lessons Learned
Nelson Dias
No ratings yet
4 - Continous - Integration - Using - Classic - Build - Pipeline-Cicd Docs
Document7 pages
4 - Continous - Integration - Using - Classic - Build - Pipeline-Cicd Docs
Gagana
No ratings yet
(Source Code Repository) : Project
Document10 pages
(Source Code Repository) : Project
Saurabh Singh
No ratings yet
Lead Applications Developer - NJ - NY - Remote
Document2 pages
Lead Applications Developer - NJ - NY - Remote
awais
No ratings yet
Experiment No 1 DOP
Document12 pages
Experiment No 1 DOP
Techtrip
100% (1)
Sast Vs Dast Vs Iast Infographic Final
Document1 page
Sast Vs Dast Vs Iast Infographic Final
punzango73
No ratings yet
Microservices CI/CD With AWS + Terraform: Click Here To Watch Video Tutorial
Document19 pages
Microservices CI/CD With AWS + Terraform: Click Here To Watch Video Tutorial
Digambar S Tatkare
No ratings yet
Professional Summary
Document6 pages
Professional Summary
Rk Pk
No ratings yet
DevOps Phases Across Software Development Lifecycl
Document9 pages
DevOps Phases Across Software Development Lifecycl
Andal T
No ratings yet
How To Achieve Devsecops With Gitlab Ci/Cd: Shift Left With Built-In Security Tools and Best Practices
Document23 pages
How To Achieve Devsecops With Gitlab Ci/Cd: Shift Left With Built-In Security Tools and Best Practices
sanjayid1980
No ratings yet
The Devsecops Security Checklist: 2Nd Edition
Document28 pages
The Devsecops Security Checklist: 2Nd Edition
jhon due
0% (1)
DevSecOps Vs SecDevOps The Full Comparison
Document4 pages
DevSecOps Vs SecDevOps The Full Comparison
HoracioDos
No ratings yet
Ci CD
Document3 pages
Ci CD
jay
No ratings yet
Imt2019079 Imt2019072
Document12 pages
Imt2019079 Imt2019072
Rohan Thakkar
No ratings yet
Build and Release Engineer Interview Questions and Answers
Document9 pages
Build and Release Engineer Interview Questions and Answers
Harish Kumar
No ratings yet
?devops? Interview Questions & Answer
Document59 pages
?devops? Interview Questions & Answer
vincent
No ratings yet
What Is Continuous Integration
Document3 pages
What Is Continuous Integration
Sandip Bankar
No ratings yet
DevSecOps for .NET Core: Securing Modern Software Applications
From Everand
DevSecOps for .NET Core: Securing Modern Software Applications
Afzaal Ahmad Zeeshan
No ratings yet
DevOps Internship Compellio
Document1 page
DevOps Internship Compellio
dikshant gupta
No ratings yet
Dattaram Gawas Angular 8yrs Exp
Document2 pages
Dattaram Gawas Angular 8yrs Exp
piyushinamdar3
No ratings yet
TDX22 DevOps Center Practical Use Cases
Document29 pages
TDX22 DevOps Center Practical Use Cases
Atif Hassan
No ratings yet
Volant ENTERPRISE SCALE DEVSECOPS FOR DOD ISR 1
Document3 pages
Volant ENTERPRISE SCALE DEVSECOPS FOR DOD ISR 1
home cec
No ratings yet
Azure Container Deployment - Steps
Document3 pages
Azure Container Deployment - Steps
sandeep darla
No ratings yet
AI in Cyber Security
Document14 pages
AI in Cyber Security
sandeep darla
100% (1)
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
Document48 pages
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
sandeep darla
No ratings yet
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
Document48 pages
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
sandeep darla
No ratings yet
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
Document48 pages
Using AI Techniques To Improve Pentesting Automation: Carlos Sarraute
sandeep darla
No ratings yet