DevSecOps is an enhancement to DevOps that builds security into all aspects of the process. The goal is to address security issues from the very start of the project.
Like DevOps, but adding continuous security to continuous integration and continuous delivery
continuous security topics with OS tools
- Infrastructure as code scanning
- e.g. terrascan
- Static application security testing
- e.g. semgrep
- e.g. sonarqube
- Software composition analysis (SCA)
- e.g. npm audit
- e g. black duck hub
- Interactive application security testing
- Dynamic application security testing (DAST)
- e.g. burpsuite
- e.g. nikto
- Containerization and Container Security
- e.g. trivy