---
title: "What is DevSecOps - Best Practices, Benefits, and Tools"
type: source
tags: []
date: 2026-04-14
---

## Source File
- [[raw/Cloud & DevOps/What is DevSecOps Best Practices, Benefits, and Tools.md]]

## Summary
- 核心主题：DevSecOps最佳实践与工具
- 问题域：安全集成、自动化、合规
- 方法/机制：在SDLC每个阶段集成安全
- 结论/价值：70%的发布后漏洞可通过DevSecOps防止

## Key Claims
- DevSecOps在开发流程每个阶段集成安全
- 自动化安全测试集成到CI/CD管道
- 左移安全：早期识别漏洞

## Key Quotes
> "70% of software vulnerabilities discovered post-launch could have been prevented with DevSecOps."

## Key Concepts
- [[DevSecOps]]：开发安全运维
- [[CI/CD]]：持续集成/持续交付
- [[SAST]]：静态应用安全测试
- [[DAST]]：动态应用安全测试
- [[SCA]]：软件组成分析

## Key Entities
- [[SonarQube]]：代码质量管理
- [[Snyk]]：开源安全扫描
- [[Amazon Inspector]]：漏洞扫描

## Connections
- [[DevSecOps]] ← integrates ← [[CI/CD]]
- [[DevSecOps]] ← uses ← [[SAST]]

## Contradictions
- 无