4. The emergence of DevSecOps:
As DevOps takes hold and software delivery speeds up, security problems become more prominent. In the traditional software development process, security is often the last step: only just before an enterprise software system is finished are security personnel notified to carry out security testing, and sometimes no security testing is done at all, so incidents are frequent. The following are common enterprise security pain points:
- Late discovery: security vulnerabilities are often found only after the system has gone live, when losses have already occurred.
- Recurring vulnerabilities: the same vulnerabilities appear repeatedly in different teams, the scope of impact of a vulnerability cannot be analyzed, and there is no unified management and accumulation of vulnerability data.
“DevSecOps” extends and evolves from the concept of DevOps. Its core idea is that security is the responsibility of everyone on the entire IT team (including the development, operations and security teams), and that it must run through every stage of the full business life cycle, from development to operations.
The emergence of DevSecOps changes the previous state of security work and addresses some of its problems, such as security testing that is isolated, lagging and ad hoc, and that has problems with coverage and change consistency. By standardizing processes, strengthening collaboration among different people, and using tools and technology, repetitive security tasks can be automated and integrated into the R&D system, so that security is embedded in the entire pipeline.
DevSecOps is a new security concept built on the idea that “everyone is responsible for security”. By strengthening internal security testing, proactively searching for security vulnerabilities, fixing them promptly and controlling risk, it integrates security well with business processes.
In the past, security was implemented by a dedicated team in the final stage of development. When development cycles lasted several months or even several years, this practice was not a problem; however, it no longer works. Effective DevOps drives rapid and frequent development cycles (sometimes only a few weeks or days long), but outdated security practices can have a negative impact on even the most efficient DevOps initiatives.
Now, within the DevOps collaboration framework, security is a shared responsibility, and the appropriate security functions need to be integrated throughout the entire cycle. This is a very important concept. It also gave rise to the term “DevSecOps”, which emphasizes the need to lay a solid security foundation for DevOps initiatives.
DevSecOps means considering the security of applications and infrastructure from the outset; it also means automating some security gates so that the DevOps workflow does not slow down. Choosing the right tools for continuous security helps achieve security objectives. However, effective DevOps security requires more than just new tools. It builds on the cultural change of DevOps to integrate the work of the security team as early as possible.
Whether you call it “DevOps” or “DevSecOps”, it is always best to ensure security throughout the entire application life cycle. DevSecOps is about built-in security, rather than security added at the application and data level. If security is left to the last stage of the development process, organizations adopting DevOps will find themselves back in long development cycles, which is exactly what they wanted to avoid from the outset.
To some extent, DevSecOps emphasizes bringing in the security team at the very start of a DevOps initiative to ensure information security and to develop a plan for security automation. It also emphasizes helping developers ensure security at the code level; in this process, security teams need to share visibility into known threats and provide feedback and intelligent analysis.
Ie-lab Li Qiang Wei