What is DevSecOps?
DevSecOps, a relatively new term in the application security (AppSec) space, describes introducing security earlier in the software development life cycle (SDLC) by extending the close collaboration between development and operations teams in the DevOps movement to include security teams as well. It requires a change in culture, process, and tools across the core functional teams: development, security, testing, and operations. In short, DevSecOps means that security is a shared responsibility, and everyone involved in the SDLC has a role to play in building security into the DevOps CI/CD workflow.[1]
As the speed and frequency of releases increase, traditional application security teams cannot review every release fast enough to ensure that each one is secure.
To address this, organizations need to build security in continuously across the SDLC so that DevOps teams can deliver secure applications with speed and quality. The earlier security is introduced into the workflow, the sooner security weaknesses and vulnerabilities can be identified and remedied. This concept is part of “shifting left,” which moves security testing toward developers, enabling them to fix security issues in their code in near real time rather than waiting until the end of the SDLC, where traditional development environments bolted security on as a final step.
Through DevSecOps, organizations can integrate security seamlessly into their existing continuous integration and continuous delivery (CI/CD) practice. DevSecOps spans the entire SDLC from planning and design to coding, building, testing, and release, with real-time continuous feedback loops and insights.
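To make the "shift left" and continuous-feedback ideas above concrete, here is an added example (not code from the original page or from any particular DevSecOps product) of the smallest useful security gate a CI/CD job can run on every commit: it parses a pinned Python dependency manifest, compares each pin against an advisory feed, and returns a pass/fail verdict the pipeline can act on before the change merges. The advisory list, its `EXAMPLE-ADV-*` identifiers, and the sample manifest are all constructed for illustration; a real pipeline would pull advisories from a vulnerability database and read the manifest from the repository.

```python
"""Minimal shift-left dependency gate for a CI/CD pipeline (added example).

The advisory feed and the requirements file below are constructed samples,
not real advisories or a real project's manifest.
"""
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class Advisory:
    package: str
    fixed_in: tuple          # versions strictly below this are affected
    advisory_id: str         # constructed placeholder id, not a real CVE
    severity: str

# Constructed advisory feed (placeholder identifiers, illustrative versions).
ADVISORIES = [
    Advisory("requests", (2, 31, 0), "EXAMPLE-ADV-0001", "high"),
    Advisory("pyyaml",   (5, 4, 0),  "EXAMPLE-ADV-0002", "critical"),
    Advisory("jinja2",   (3, 1, 3),  "EXAMPLE-ADV-0003", "medium"),
]

# Constructed pinned manifest, as a CI job would read it from the repo.
SAMPLE_REQUIREMENTS = """\
# application dependencies (constructed sample)
requests==2.28.1
pyyaml==6.0
jinja2==3.1.2
flask==2.3.3
"""

# Exact pins only: "name==1.2.3". Ranges and extras are out of scope here.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9.]*)\s*$")

def parse_version(text):
    """Turn '2.28.1' into (2, 28, 1) so tuples compare numerically."""
    return tuple(int(part) for part in text.split("."))

def parse_requirements(text):
    """Return {package_lower: version_tuple} for exact pins; skip comments/blanks."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        match = PIN_RE.match(line)
        if match:
            pins[match.group(1).lower()] = parse_version(match.group(2))
    return pins

def find_vulnerable(pins, advisories=ADVISORIES):
    """Cross-reference pinned versions against the advisory feed."""
    findings = []
    for adv in advisories:
        pinned = pins.get(adv.package.lower())
        if pinned is not None and pinned < adv.fixed_in:
            findings.append({
                "package": adv.package,
                "pinned": ".".join(map(str, pinned)),
                "fixed_in": ".".join(map(str, adv.fixed_in)),
                "advisory_id": adv.advisory_id,
                "severity": adv.severity,
            })
    return findings

def gate(requirements_text, fail_on=frozenset({"critical", "high"})):
    """Pipeline decision: report every finding, block only on the chosen severities."""
    findings = find_vulnerable(parse_requirements(requirements_text))
    blocking = [f for f in findings if f["severity"] in fail_on]
    return {"findings": findings, "passed": not blocking}

if __name__ == "__main__":
    result = gate(SAMPLE_REQUIREMENTS)
    for f in result["findings"]:
        print(f"[{f['severity']}] {f['package']}=={f['pinned']} "
              f"({f['advisory_id']}, fixed in {f['fixed_in']})")
    print("GATE PASSED" if result["passed"] else "GATE FAILED: fix before merge")
    raise SystemExit(0 if result["passed"] else 1)
```

Run as a pipeline step, the non-zero exit status is the feedback loop the text describes: the developer who opened the change sees the finding within minutes, while the code is still fresh, instead of at a pre-release review. Reporting medium findings without blocking on them is a deliberate design choice so the gate informs without becoming noise that teams learn to bypass.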