feat(wiki): ingest Cloud DevOps and Home Office sources batch
This commit is contained in:
@@ -0,0 +1,42 @@
|
||||
---
|
||||
title: "What is DevSecOps - Best Practices, Benefits, and Tools"
|
||||
type: source
|
||||
tags: []
|
||||
date: 2026-04-14
|
||||
---
|
||||
|
||||
## Source File
|
||||
- [[raw/Cloud & DevOps/What is DevSecOps Best Practices, Benefits, and Tools.md]]
|
||||
|
||||
## Summary
|
||||
- 核心主题:DevSecOps最佳实践与工具
|
||||
- 问题域:安全集成、自动化、合规
|
||||
- 方法/机制:在SDLC每个阶段集成安全
|
||||
- 结论/价值:70%的发布后漏洞可通过DevSecOps防止
|
||||
|
||||
## Key Claims
|
||||
- DevSecOps在开发流程每个阶段集成安全
|
||||
- 自动化安全测试集成到CI/CD管道
|
||||
- 左移安全:早期识别漏洞
|
||||
|
||||
## Key Quotes
|
||||
> "70% of software vulnerabilities discovered post-launch could have been prevented with DevSecOps."
|
||||
|
||||
## Key Concepts
|
||||
- [[DevSecOps]]:开发安全运维
|
||||
- [[CI/CD]]:持续集成/持续交付
|
||||
- [[SAST]]:静态应用安全测试
|
||||
- [[DAST]]:动态应用安全测试
|
||||
- [[SCA]]:软件组成分析
|
||||
|
||||
## Key Entities
|
||||
- [[SonarQube]]:代码质量管理
|
||||
- [[Snyk]]:开源安全扫描
|
||||
- [[Amazon Inspector]]:漏洞扫描
|
||||
|
||||
## Connections
|
||||
- [[DevSecOps]] ← integrates ← [[CI/CD]]
|
||||
- [[DevSecOps]] ← uses ← [[SAST]]
|
||||
|
||||
## Contradictions
|
||||
- 无
|
||||
Reference in New Issue
Block a user