ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
24218550d234e26a158c0f33446fc6d5f454ad11
nexus/wiki/concepts/DevSecOps.md
weishen 24218550d2 Auto-sync: 2026-04-21 20:03
2026-04-21 20:03:06 +08:00

50 lines
2.0 KiB
Markdown
Raw Blame History

# DevSecOps
## Definition
DevSecOps integrates security practices into the DevOps process, embedding security throughout the entire software development lifecycle rather than treating it as a separate phase.
## Key Principles
- **Shift Left**: Integrate security early in the development process
- **Automation**: Security checks automated in CI/CD pipelines
- **Continuous Compliance**: Ongoing security validation and compliance monitoring
- **Proactive Vulnerability Management**: Early detection and remediation of security issues
## Core Practices
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Software Composition Analysis (SCA)
- Container security scanning
- Infrastructure as Code security validation
- Secret management and rotation
## Tools
- SAST: SonarQube, Checkmarx, Semgrep
- Container scanning: Trivy, Clair, Snyk
- Secret management: HashiCorp Vault, AWS Secrets Manager
## Security Progression Across DevOps Maturity Levels
| Maturity | Security Integration Level |
|----------|--------------------------|
| Phase 1 | Security involvement only weeks before release, minimal compliance scans |
| Phase 2 | Security operates separately from the rest of the team |
| Phase 3 | Security involved in design, architecture, and operations discussions; scans integrated throughout development |
| Phase 4 | Dependency vulnerability management; continuous security monitoring across the team |
| Phase 5 | Prevent insecure/non-compliant code from reaching production; high-level security integration |
## Sources
- [[sources/cloud-devop-maturity-guideline.md]]
- [[sources/what-is-devsecops-best-practices-benefits-and-tools.md]]
- [[sources/devops-maturity-model-from-traditional-it-to-advanced-devops.md]]
## Related Concepts
- [[concepts/DevOps-Maturity]]
- [[concepts/CI-CD-Pipeline]]
- [[concepts/Infrastructure-as-Code]]
- [[concepts/DORA-Metrics]]
- [[concepts/Change-Failure-Rate]]
## Ingested
- Date: 2026-04-21
- Date: 2026-04-24 (updated with maturity level progression)
Reference in New Issue View Git Blame Copy Permalink