July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Security in continuous integration
Most of the development team's daily activities include coding, compiling/building, testing, and deployment. Our goal is to build security automation practices into these activities. In the coding stage, the development team can use IDE plugins to do security source code analysis. In the build stage, we scan for the secure hardened compiling options and the known vulnerabilities of the dependency components, as well as the secure source code for the whole project.
Once the build is ready and installed on the staging environment, more comprehensive security scanning will be performed, such as dynamic web security testing by OWASP ZAP, infrastructure configuration security, and secure communication protocols. ...