台灣羅德史瓦茲

DevSecOps vs DevOps: The main difference

DevSecOps and DevOps are similar concepts with automation at their core. DevSecOps adds an additional layer to the DevOps process by integrating security earlier, into each step of the design process, and not just the final stage of the software development life cycle. This is the modern recipe for delivering a safe product, one without security issues. The goal is to break down the silos between development security and operations teams by injecting into everyone, a uniform security mindset.

A successful DevSecOps strategy involves the following phases:

• Development phase: The software developers produce a new piece of code and commit it into the central repository.
• Continuous integration (CI), build and test phase: Once the code is committed, the CI pipeline automatically executes and the scripts build the application. Functional tests, static code analysis and security unit tests are performed.
• Continuous deployment (CD) phase: Once the tests are completed, the application is packaged and automatically deployed in the production environment.
• Monitoring phase: The new version of the application is monitored in the production environment to ensure that all its functionalities are working fine.

These phases help the DevSecOps teams to run automated tests on the code with the shortest possible iteration. This protects the code against any new vulnerabilities.