What is DevSecOps?

DevSecOps is about integrating security and compliance testing into the DevOps pipeline without compromising the speed and agility of continuous delivery. From a team perspective, collaboration between IT security and the product team (including development and operations) must increase to make the software lifecycle agile and responsive.

Security has always worked in a silo. Earlier, when software development used the waterfall development model, it was normal to have security and compliance checks done at the end of the process. But with Agile and a faster, more frequent software delivery cycle, those checks at the end make the DevOps process rigid and slow.

Be it highly regulated banking applications or online e-commerce sites, maintaining security posture has become important to the business. With the rise in ransomware, the use of open-source software, and the speed of delivery, it is critical to include security as an integral part of DevOps processes.

The security and compliance team analyzes the application and looks for any issues, and this takes some time, maybe days. Many requests may be pending from the streamlined software delivery process (using a CI/CD pipeline), so security checks right before the release could delay the delivery process.



