DevSecOps
DevSecOps is a term that refers to the integration of security practices into the software development and operations process. The main objective of devsecops is to make security an integral part of the software development lifecycle, rather than treating it as an afterthought. This approach enables organizations to build and deploy secure applications more quickly and efficiently, while also reducing the risk of security breaches and vulnerabilities.
Pros :
- Detect vulnerabilies faster
- Detect more vulnerabilies
Cons :
- False positives
- Vulnerabilites triage
Methodology
- Vulnerability checks in dependencies
- SAST
- Code analysis
- IDE
- Pre-commit
- Pipeline
- Code analysis
- DAST
- Vulnerabilties management
Tools
Vulnerability checks in dependencies
- dependency check
- snyk
- trivy
- ...
SAST
- lint*
- SonarQube
- ...
DAST
- nuclei
- OWASP ZAP
- ...
Vulnerabilties management
- DefectDojo