July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Baking security into DevOps
We have discussed the culture aspect of how security fits into an organization. Let's now discuss the technical aspect. When it comes to fitting security into DevOps, we are mostly talking about integration with an existing Continuous Integration (CI) or Continuous Delivery (CD) framework. There are various kinds of CI/CD framework. We may focus on how to integrate security with Jenkins, since Jenkins is the hub of the whole CI/CD ecosystem, such as code and commit, build, scan and test, release, and deployment. One typical CI/CD process with security tools integration is shown in the following diagram. Please be aware that security requirements, threat modeling, secure design, and architecture design are not in ...