DevSecOps Content on InfoQ
-
When DevOps Meets Security to Protect Software
Security can no longer be an afterthought in the software development process. Collaboration between security and development needs to happen early to be effective.
-
Accelerating the Secure Software Delivery Lifecycle with GitOps
Building secure software can be complicated and time-consuming. By employing a GitOps model, security can be safely separated from development, simplifying the delivery process and increasing velocity.
-
API Security: from Defense-in-Depth (DiD) to Zero Trust
Nearly all companies have experienced security incidents but few have an API security policy that includes dedicated API testing and protection. A defense-in-depth approach that includes boundary defense, observability, and authentication is recommended.
-
Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline
Dynamic security testing tools don’t require advanced cybersecurity knowledge to operate. Integrating DAST into your CI/CD pipeline should be done in stages by focusing on the riskiest areas first.
-
What Developers Must Know about Zero Trust
Zero trust solves the problem of open network access by allowing access only to the resources a user should be allowed to access. This article covers how to start working with zero trust principles and ideas.
-
Using DevOps Automation to Combat DevOps Workforce Shortages
A focus on automation can help to combat the current staffing struggles many organizations have with DevOps roles. Effective automation can reduce the toil experienced by developers. Automation efforts should focus on security operations, deployments, continuous delivery, QA testing, and continuous integration.
-
DevOps and Cloud InfoQ Trends Report – June 2022
This article summarizes how we see the "cloud computing and DevOps" space in 2022, which focuses on fundamental infrastructure and operational patterns, the realization of patterns in technology frameworks, and the design processes and skills that a software architect or engineer must cultivate.
-
Evolving DevSecOps to Include Policy Management
A thorough implementation of policy management tools is required for effective compliance and security management in a DevOps environment. Companies that accept policy management in DevSecOps as a way of development and have adopted some level of policy management best practices tend to operate more efficiently.
-
The Role of DevOps in Cloud Security Management
Different areas of cloud security must be examined to strengthen security in the cloud versus security of the cloud. This includes identifying requirements, defining the architecture, analyzing controls, and identifying gaps. Security must be both proactive and reactive, so it needs to be considered in every step of development.
-
Mobile DevSecOps Is the Road to Mobile Security
In this article, I’ll discuss some of the most common security deficiencies in mobile apps and explain the potential risks to consumers, app developers, and brands, as well as how to break the cycle of poor app security, using automated, rapid, continuous, and iterative deployment.
-
Virtual Panel: DevSecOps and Shifting Security Left
Recent attacks that targeted SolarWinds, Colonial Pipeline, and others have shown that development environments are ever more frequently on the radar of malicious actors. A virtual panel on the value of shifting security left, how to take responsibility for it, and the time-to-market pitfalls.
-
DevSecOps: the Key to Securing Your Supply Chain in a Multi-Cloud Threatscape
Recent supply chain attacks require businesses to re-evaluate their approach to DevOps, specifically as it relates to security. The DevSecOps focus on CI/CD platforms, on testing and scanning across the SDLC, and on minimizing manual efforts can not only improve security postures but also improve delivery of business value.