Auto-sync: 2026-04-20 07:08
@@ -3,7 +3,7 @@ title: "DevSecOps"
type: concept
tags: [devops, security, automation]
sources: [cloud-devop-maturity-guideline, How-Agentic-AI-can-help-for-Cloud-DevOps, what-is-devsecops-best-practices-benefits-and-tools]
last_updated: 2026-04-16
last_updated: 2026-04-20
---
## Definition
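Review bot: `sources` in the front matter stays at the same three entries while `last_updated` moves to 2026-04-20 and the same commit adds a Key Tools section and a rewritten Connections list. If any of that material came from a document outside the three listed, add it to `sources` here so the new entries stay traceable; the "Auto-sync" commit message is the only other record of where they came from.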
@@ -14,14 +14,31 @@ DevSecOps 是将安全实践集成到 DevOps 流程中的方法论,强调通
- **自动化安全**:将安全扫描集成到 CI/CD 流水线
- **持续合规**:自动化合规性检查和报告
- **主动漏洞管理**:持续扫描和修复漏洞
- **安全右移(Shift Right)**:发布后持续安全监控
## Key Practices
- 自动化 SAST(静态应用安全测试)
- 自动化 DAST(动态应用安全测试)
- 容器镜像安全扫描
- secrets 管理
- secrets 管理
- 安全编码
- 风险管理
## Key Tools
- SAST(静态应用安全测试)
- SCA(软件成分分析)
- IAST(交互式应用安全测试)
- DAST(动态应用安全测试)
## Connections
- [[DevOps 成熟度模型]] ← 安全维度 ← [[DevSecOps]]
- [[CI/CD 流水线]] ← 集成 ← [[DevSecOps]]
- [[监控可观测性]] ← 依赖 ← [[DevSecOps]]
- [[DevOps]] ← extends ← [[DevSecOps]]
- [[CI/CD 流水线]] ← embeds ← [[DevSecOps]]
- [[SDLC]] ← integrates_with ← [[DevSecOps]]
- [[Policy-as-Code]] ← implements ← [[DevSecOps]]
- [[Shift Left]] ← is_a ← [[DevSecOps]]
- [[Shift Right]] ← requires ← [[DevSecOps]]
- [[Secure Coding]] ← enables ← [[DevSecOps]]
- [[Risk Management]] ← includes ← [[DevSecOps]]
- [[Access Control]] ← requires ← [[DevSecOps]]
- [[Immutable Infrastructure]] ← enhances ← [[DevSecOps]]
- [[监控可观测性]] ← depends_on ← [[DevSecOps]]
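Review bot: The arrow direction in the new Connections entries is ambiguous, and read left to right or right to left some edges look inverted: `[[Shift Left]] ← is_a ← [[DevSecOps]]` says DevSecOps is a kind of Shift Left, and `[[Policy-as-Code]] ← implements ← [[DevSecOps]]` says DevSecOps implements Policy-as-Code. State the reading convention once under the heading and recheck each edge against it, since anything that consumes these links as a graph will inherit the inversion. The rewritten list also drops the `[[DevOps 成熟度模型]]` link with no replacement, and Key Tools lists testing categories (SAST, SCA, IAST, DAST) rather than tools, two of which already appear under Key Practices.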