In DevOps you have probably heard of CI/CD, Continuous Integration and Continuous Deployment, but have you heard of, or implemented, Continuous Assurance? Moving fast with DevOps must not come at the expense of security and compliance. DevSecOps, also called Rugged DevOps, has become essential to any DevOps implementation. It brings security in with a shift-left mindset and a set of supporting practices: checks that used to run once at the end of a release now run from the very start of the pipeline, which requires different techniques to reach the same goals. So, alongside Continuous Integration, Continuous Deployment, Continuous Delivery and Continuous Testing, you should also implement Continuous Assurance if you want to implement DevOps: continuously validating that code, dependencies and infrastructure meet your security and compliance requirements, rather than checking them once before release.
DevSecOps or Rugged DevOps
In this post, we will cover the following topics related to DevSecOps and Continuous Assurance:
- Security Shift Left
- Security and Compliance within DevOps (Continuous Assurance)
- What do we need to do to check for security?
- How do we check for security?
- OWASP
- Continuous security validation within the CI/CD pipeline
- Passive penetration test vs. Active penetration test
- Infrastructure validation
- Track vulnerabilities
- Secure DevOps Kit for Azure (AzSK)
- Policy
- Blueprints
- Security Center
- Automate Governance and Compliance
- Azure Pipelines Security Extensions
- SonarCloud
- WhiteSource Bolt
- Release Gate using Azure Policy
For a deeper dive into DevSecOps practices, watch the video: DevSecOps and Continuous Assurance Tips and Tricks (Rugged DevOps)
Tip: DevOps for beginners
For more information about DevOps: what DevOps is, how to work with it, what Continuous Integration and Continuous Delivery are, the differences between CI pipelines and CD pipelines, and many other topics, see DevOps for beginners.
You can find more information about DevOps in the following post: Building and Deploying Your Code with Azure Pipelines