Chapter 8. Beyond DevSecOps

Deciding what goes into a book on DevSecOps is mostly a matter of deciding what to leave out. The primary difficulty is the term “DevSecOps” itself: it means different things to different people, depending not only on context but also on experience and organizational need. The practice has not matured to the point where a single recipe for success exists. There are patterns to follow and pieces of technology to use, which I’ll describe here, but the exact details of what to type and where to type it cannot be prescribed. Importantly, DevSecOps is not an end goal but an iterative improvement process that evolves as new technologies arrive that make software delivery faster and more reliable.

DevSecOps Patterns

This section describes several patterns followed by successful organizations, whether they are still on the path toward DevSecOps or already operating a mature DevSecOps SDLC:

  • Shifting left toward CI/CD

  • Multicloud deployments for redundancy

  • Less emphasis on post-deployment security; security is shifted left and automatic

  • Linux, managed from the command line rather than a GUI, with the rest of the stack interchangeable

  • Less emphasis on troubleshooting and optimizing a running deployment in favor of refactoring and redeploying

Let’s start by discussing shifting left toward CI/CD.

Shifting Left and Adding CI/CD

Continuous integration/continuous deployment (CI/CD) is the ultimate goal of DevSecOps. A developer should be able to write code and have ...
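The pattern listed above, security shifted left and automatic, and the CI/CD goal of this section can be made concrete with a small pre-merge gate. The following POSIX shell script is an added example, not code from the book, and not a tool the book describes. It assumes two cheap checks that a CI job can run on every push before anything is deployed: a grep for credential-looking assignments in source files, and a scan of Dockerfiles for base images that are not pinned to a tag or digest. The regular expressions, file globs, and sample repository contents are all illustrative assumptions; a production gate would call a dedicated secret scanner and image policy tool in the same position.

```shell
#!/bin/sh
# Added example (not from the book): a minimal shift-left security gate
# that a CI job runs before merge. Exit status 0 means the change may
# proceed; non-zero means the pipeline stops here, before deployment.
# Patterns, file globs and sample data below are assumptions for the demo.

# Look for hardcoded credentials in tracked source. Returns 0 when clean,
# 1 when a match is found. The two patterns are illustrative only.
scan_secrets() {
    dir="$1"
    aws_re='AKIA[0-9A-Z]{16}'
    cred_re="(password|secret|api_key)[[:space:]]*=[[:space:]]*[\"'][^\"']{8,}"
    if grep -rEq -e "$aws_re" -e "$cred_re" \
        --include='*.py' --include='*.env' --include='*.yaml' "$dir" 2>/dev/null; then
        return 1
    fi
    return 0
}

# Reject Dockerfiles whose FROM line has no tag or uses :latest; an
# unpinned base image makes a rebuild non-reproducible. Digest-pinned
# references (@sha256:...) are accepted. Returns 0 when all are pinned.
check_pinned_images() {
    dir="$1"
    bad=0
    # Assumes paths without whitespace, which is fine for a CI checkout.
    for f in $(find "$dir" -name 'Dockerfile*' -type f); do
        awk 'BEGIN { bad = 0 }
             /^FROM[ \t]/ {
                 ref = $2
                 if (ref ~ /^--/) ref = $3      # skip --platform=... flag
                 if (ref ~ /@sha256:/) next     # digest pin is acceptable
                 sub(/^.*\//, "", ref)          # drop registry and path
                 n = split(ref, parts, ":")
                 if (n < 2 || parts[n] == "latest") {
                     print FILENAME ":" NR ": unpinned base image " $0
                     bad = 1
                 }
             }
             END { exit bad }' "$f" || bad=1
    done
    return $bad
}

# Run every check and report all failures rather than stopping at the first,
# so a developer sees the full list in one pipeline run.
security_gate() {
    dir="$1"
    status=0
    scan_secrets "$dir" || { echo "FAIL: hardcoded credential found under $dir"; status=1; }
    check_pinned_images "$dir" || { echo "FAIL: unpinned base image under $dir"; status=1; }
    [ "$status" -eq 0 ] && echo "PASS: $dir"
    return $status
}

# Build a throwaway repository with one clean and one failing project.
# Constructed sample data for the demo; prints the directory path.
make_sample_repo() {
    d=$(mktemp -d)
    mkdir -p "$d/clean" "$d/dirty"
    printf 'FROM python:3.12-slim\nCOPY . /app\n' > "$d/clean/Dockerfile"
    printf 'db_password = os.environ["DB_PASSWORD"]\n' > "$d/clean/settings.py"
    printf 'FROM python:latest\nCOPY . /app\n' > "$d/dirty/Dockerfile"
    printf 'db_password = "hunter2hunter2"\n' > "$d/dirty/settings.py"
    echo "$d"
}

# Usage: sh gate.sh --demo   (or source it and call security_gate <dir> in CI)
if [ "${1:-}" = "--demo" ]; then
    repo=$(make_sample_repo)
    security_gate "$repo/clean"
    security_gate "$repo/dirty"
    rm -rf "$repo"
fi
```

In a pipeline the job simply runs `security_gate "$CI_PROJECT_DIR"` (or the equivalent variable for your CI system) and the job's non-zero exit blocks the merge; the point of the pattern is that the check runs on every change without anyone having to remember it, and that the findings reach the developer while the change is still cheap to fix.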
