---
title: "What is DevSecOps - Best Practices, Benefits, and Tools"
type: source
tags: []
date: 2026-04-14
---
## Source File
- [[raw/Cloud & DevOps/What is DevSecOps Best Practices, Benefits, and Tools.md]]
## Summary
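- Core topic: DevSecOps best practices and tools
- Problem domain: security integration, automation, compliance
- Method/mechanism: integrate security at every stage of the SDLC
- Conclusion/value: 70% of post-release vulnerabilities can be prevented through DevSecOps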
## Key Claims
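- DevSecOps integrates security at every stage of the development process
- Automated security testing is integrated into the CI/CD pipeline
- Shift-left security: identify vulnerabilities early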
## Key Quotes
> "70% of software vulnerabilities discovered post-launch could have been prevented with DevSecOps."
## Key Concepts
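- [[DevSecOps]]: development, security, and operations
- [[CI/CD]]: continuous integration/continuous delivery
- [[SAST]]: static application security testing
- [[DAST]]: dynamic application security testing
- [[SCA]]: software composition analysis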
## Key Entities
- [[SonarQube]]: code quality management
- [[Snyk]]: open-source security scanning
- [[Amazon Inspector]]: vulnerability scanning
## Connections
- [[DevSecOps]] ← integrates ← [[CI/CD]]
- [[DevSecOps]] ← uses ← [[SAST]]
## Contradictions
- None