The term DevOps has been around for over a decade and it has grown in popularity over that time. As we know, the promise of DevOps is improved efficiency and a faster release cadence.
But what about security? How and where does that factor in?
In the initial ideas and models around DevOps, security wasn’t necessarily built-in and was sometimes considered as a bolt-on addition to the operations process. That's been changing with the rise of the DevSecOps model, which is all about making sure that security is an integrated part of the development and operational life cycle of an application. But while DevOps is an approach that is well understood by many, DevSecOps is less so.
This report explores the DevSecOps model by detailing how DevSecOps works, how it relates to DevOps, its benefits and challenges, the tools available today for injecting security into the DevOps process, and best practices for developing a DevSecOps-oriented team.