What is DevSecOps?
Simply put, DevSecOps is the practice of integrating security tests into every stage of the software delivery life cycle. It is an extension of the DevOps approach that we have discussed so far in this book. Using tools and processes, it promotes collaboration between development, operations, and security teams. The result is software artifacts that are not only operationally efficient to produce but also safe to release to production at any point in time. Like DevOps, DevSecOps also brings a cultural shift in how we approach security in conventional software delivery processes. Security teams should no longer be seen as a source of resistance, but as enablers of the adoption of security best practices in the organization.
Before we move further, I would like to clarify one point that you might be wondering about at this stage: the difference between DevOps and DevSecOps.
How is it different from DevOps?
The core idea behind...