DevSecOps is an addition of “Sec” in the above-mentioned definition of DevOps.
“Development<+>Security<+>Operations=DevSecOps”
In DevSecOps, security is ensured in every phase of DevOps, i.e., from the planning phase to the final delivery phase, appropriate security integrations are incorporated in each phase.
The main benefit of DevSecOps is to deliver more-secure code/product faster.
Benefits of DevSecOps:
Some of the benefits that can be availed when DevSecOps is implemented in a project are:
- Rapid delivery of secure code
- Security in every phase
- Management of vulnerability assessment and patching
Implementation of DevSecOps:
DevSecOps acts like a cover or a shield for the existing DevOps practices. It can be implemented in many ways.
‘Shift left’ is a DevSecOps mantra: It encourages software engineers to move security from the right (end) to the left (beginning) of the DevOps (delivery) process. In a DevSecOps environment, security is an integral part of the development process from the beginning. An organization that uses DevSecOps brings in its cybersecurity architects and engineers as part of the development team. Their job is to ensure every component, and every configuration item in the stack is patched, configured securely, and documented. — IBM
The main implementation procedure is to make aware both the development and the operations team about the common vulnerabilities so that they can produce secure code and a secure environment for the deployment.
For DevSecOps, the learning path is similar to that of DevOps, the only change is the learning of implementing security in each phase.
Some of the Resources are:
My DevOps Roadmap
The journey to DevOps is a long path with many milestones in it. As I mentioned, since DevOps is not a specific technology, it is better to have an insight into all the updated tools and frameworks. A never-ending desire to learn 🤓 and interest in updating your knowledge will help to achieve this. I strongly believe that breaking up larger tasks into smaller segments will help to accomplish the entire task much more effectively. This is the path that I’m following in my DevOps journey:
- Learn Operating systems.