What is the hype about DevSecOps?
DevOps is bringing in the Development and Operations aspects of SDLC lifecycle under one roof and control the Develop-to-Deploy activities in an automated way. Benefits we experience here is that time-to-live is fast and frequent with quality deliverables to live from dev or from testing phase
DecSecOps is about inculcating the security guidelines and compliance as part of DevOps cycle
Where is this security sandwiched between Dev and Ops when we have army of services and readily available tools to keep our accounts safe and secure? This is quite interesting to know !!!
How does it feel to know that we have security checks and guidelines compliance checks while deploying as if to catch the nudges as and when they are introduced? This is what DevSecOps is all about. Why to spend time on Cloudtrail, AWS Config logs or Cloudwatch to look out for 'What or Who caused breach' when we can have these identified during Deploy Phase only
And how this is made is that the security checks are added as part of deployment pipelines like AWS CodePipeline or Jenkins
Happy DevSecOps !!!