July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Security guidelines and processes
After looking at the industry practices, SDL, OWASP SAMM, and ISO 27001, it's normally the CSO or CTO security office's job to define the security governance program and the security guidelines. The following table shows an overview of security guidelines. In practice, these security guidelines are templates, suggested centrally and updated in a security knowledge base for every project team to refer to. Again, guidelines won't be effective if these guidelines aren't able to be part of a developer, QA, IT, or DevOps's daily tasks. Providing tools with built-in security practices for DevOps teams is still key to the success of DevSecOps. The following table suggests some industry practices and tools that may ...