Summary
Secure DevOps or DevSecOps integrates security capabilities and tools into a DevOps pipeline and automates the checks to ensure the application’s design, code, and components are free from vulnerabilities. In this chapter, we looked at the top security issues that need to be addressed by the application, runtime, and services. DevSecOps, along with the pattern of implementing secure engineering and threat modeling earlier in the application development cycle, helps shift eft security. Vulnerability management requires continuously monitoring security issues related to infrastructure, operating systems, application runtimes, and services. Timely patching of the vulnerabilities is required to keep the application safe from attacks and meet the audit and compliance guidelines. Security threats and technical vulnerabilities continue to evolve. With several services to deal with across clouds while building the application, manually ensuring all the configurations are correct...
