How DevSecOps Integrates Security Into DevOps Processes
An offshoot of DevOps, DevSecOps is a methodology that integrates security into software development processes.
“Like platform engineering, DevSecOps is a structure used by developers that came out of the need to organize and better plan all the steps involved in building code for applications,” says Todd R. Weiss, an analyst at the Futurum Group, a research firm.
Previously, developers would add security after building code. The DevSecOps movement came about to pull together development, security and operations to achieve more cohesive integration and quality of code, Weiss says: “DevSecOps allows all these important steps to help ensure better code throughout the development lifecycle, which is incredibly valuable.”
It’s crucial to incorporate security governance into developer workflows. A DevSecOps process could help catch alerts that often get missed. Failure to notice alerts leads to breaches of service-level agreements, according to Neil Wylie, chief architect for platform engineering at CDW.
Another part of DevSecOps involves automating security gates to prevent interruptions in a software pipeline. Organizations can also automate the evaluation of security results after code has been scanned for common vulnerabilities and exposures and common weakness enumerations. “These gates are akin to how you might handle software quality when testing passes or fails with quality gates,” Mercer says.
