INTRODUCTION

DevSecOps technology enables and underpins the core principles of DevOps, but it is important to reiterate that DevSecOps and DevOps are not just about technology. DevSecOps is primarily about culture and the DevOps principles. With this in mind, it is important to clarify just what constitutes a DevSecOps tool. What defines DevSecOps technology? The reality is that there is no such thing as a “DevSecOps” tool, but, rather, a set of tools that enable DevSecOps. While this may seem like a subtle differentiation, it is an important one because how a tool is used impacts the outcome. If you think of DevSecOps as a culture of collaboration, then you can consider a set of tools that enable collaboration. More generally, you can think of DevSecOps tools as the set of security tools that enables the core principles of DevOps.

The reality is, there is no such thing as a “DevSecOps” tool, but, rather, a set of tools that enable DevSecOps…. If you think of DevSecOps as a culture of collaboration, then you can consider a set of tools that enables collaboration.

Marketing messages make this point more confusing, as many modern security tools now purport to be a “DevSecOps tool.” It is important to consider what a DevSecOps tool actually is to separate reality from the marketing messages. Tools like extended detection and response (XDR), which monitor the environment, focus on core principles such as observability and transparency. However, if ...