mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-21 18:33:03 +00:00
Create devsecops_pipelines.md
parent
feef7fcd5b
commit
4d726a97f6
1 changed files with 37 additions and 0 deletions
37
devsecops/devsecops_pipelines.md
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
# Overview of DevSecOps Pipelines
|
||||||
|
|
||||||
|
DevSecOps, short for Development, Security, and Operations, is a philosophy that integrates security practices within the DevOps process. DevSecOps pipelines are designed to automate and embed security at every phase of the software development lifecycle. The key stages:
|
||||||
|
|
||||||
|
1. **Planning and Analysis**
|
||||||
|
- Identify security requirements and constraints.
|
||||||
|
- Perform threat modeling to understand potential risks.
|
||||||
|
- Define security policies and standards.
|
||||||
|
|
||||||
|
2. **Development and Coding**
|
||||||
|
- Implement secure coding practices.
|
||||||
|
- Use pre-approved security libraries and components.
|
||||||
|
- Conduct regular code reviews with a focus on security.
|
||||||
|
|
||||||
|
3. **Continuous Integration (CI)**
|
||||||
|
- Automate code scanning for vulnerabilities using Static Application Security Testing (SAST).
|
||||||
|
- Run unit tests to ensure code quality.
|
||||||
|
- Build artifacts securely and store them in a secure repository.
|
||||||
|
|
||||||
|
4. **Continuous Deployment (CD)**
|
||||||
|
- Deploy code to staging or production environments using automated pipelines.
|
||||||
|
- Utilize Dynamic Application Security Testing (DAST) to test running applications.
|
||||||
|
- Ensure secure configuration management.
|
||||||
|
|
||||||
|
5. **Monitoring and Operations**
|
||||||
|
- Monitor applications and infrastructure for security incidents.
|
||||||
|
- Implement automated incident response.
|
||||||
|
- Regularly update and patch systems.
|
||||||
|
|
||||||
|
6. **Feedback and Improvement**
|
||||||
|
- Collect feedback on security performance.
|
||||||
|
- Continuously improve security practices and tools.
|
||||||
|
- Foster a culture of security awareness and collaboration.
|
||||||
|
|
||||||
|
The DevSecOps pipeline emphasizes collaboration between development, security, and operations teams, ensuring that security is not a bottleneck but an enabler of faster and more reliable software delivery.
|
||||||
|
|
||||||
|
![image](https://github.com/The-Art-of-Hacking/h4cker/assets/1690898/91c5397e-e514-45f6-bf4e-ff0d85b10ef2)
|
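Review bot: In stage 4 (Continuous Deployment), the DAST bullet follows "Deploy code to staging or production environments using automated pipelines", so the text reads as if dynamic testing may first run against a production release. Consider stating that DAST runs against the staging deployment and that its result gates promotion to production, with the staging and production deploys listed as separate steps. In stage 3, "Build artifacts securely and store them in a secure repository" does not say what makes the build or the repository secure; naming the controls the guide has in mind would make that bullet actionable. The image on the last added line uses the alt text `image` and points at a GitHub assets URL rather than a file in the repository; a descriptive alt text would tell readers what the diagram shows when it does not render.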