CHAPTER 10 Accelerating DevSecOps Practices

In this chapter, you will learn how Copilot can assist with several DevSecOps tasks. DevSecOps tasks can be complicated to learn and implement. With Copilot by your side, you will be empowered to create the necessary resources and actions that will get your application from concept to center stage.

  • Detailing DevSecOps
  • Simplifying Containers
  • Automating Infrastructure as Code
  • Streamlining CI/CD Pipelines

Detailing DevSecOps

DevSecOps, short for development, security, and operations, is a software engineering culture and practice that aims to unify software development (Dev), security (Sec), and operations (Ops).

To practice DevSecOps, security needs to be considered at every phase of the software development life cycle (SDLC) (see Figure 10.1).

As you can see from Figure 10.1, in addition to the development tasks, the release, deployment, operation, and monitoring tasks all play a vital role in successful software delivery with security embedded at every task.

A diagram of Sec divided into two parts: on the left side, Dev includes code, plan, build, and test; on the right side, Ops includes release, deploy, operate, and monitor.

Figure 10.1: DevSecOps diagram detailing security considered at each stage of the DevOps cycle

Here are some key points:

  • Shift left on security: This means introducing security as early as possible in the life cycle of app development. This is a significant change from traditional practices where security was often considered at the end of the development cycle (“shifting ...
