Introducing DevSecOps
DevSecOps is a term that is getting a lot of attention from everywhere. Organizations used to perform product security checks at the end of the software development life cycle (SDLC) before the development of DevOps and DevSecOps. Security was viewed as less important than the other phases because the emphasis was primarily on application development. Most of the other stages would have been completed and the products would be nearly finished by the time engineers performed security checks. Therefore, finding a security threat at such a late stage required rewriting countless lines of code, a painfully time-consuming and laborious task. Patching eventually became the preferred solution, as expected. “As a result, it was assumed nothing could go wrong.”
In this chapter, we will learn about the basics of DevSecOps and the different maturity levels involved in the current state and future attainable state of the practice involved in DevSecOps.
We will also cover the following aspects:
- The involvement of different teams
- Key performance indicators (KPIs)
We will also cover the evolution of DevOps and DevSecOps in terms of the Waterfall model, understand the agile methodology, and learn how DevSecOps is changing the paradigm for organizations.
In the chapter, we are going to cover the following main topics:
- Product development processes:
- Waterfall model
- Agile methodology
- DevSecOps and its evolution
- The new processes within DevSecOps
- Maturity levels:
- Maturity level 1
- Maturity level 2
- Maturity level 3
- Maturity level 4
- KPIs
- DevSecOps – the people aspect