Table of contents
No headings in the article.
DevSecOps is about built-in security, not security that functions as a perimeter around apps and data. If security remains at the end of the development pipeline, organizations adopting DevOps can find themselves back to the long development cycles they were trying to avoid in the first place.
Apart from using Secrets/Key Vaults for storing the credentials.
we also need to Implement different security tools in your DevOps Pipeline.
Some of the important tests which we need to implement are below:
SAST- A testing methodology that analyzes source code to find security vulnerabilities that make your organization's applications susceptible to attack.
DAST- stimulates an outside attacker's perspective.
SCA- provides visibility into the open-source components and libraries being incorporated into the software.
Container Security- Process of implementing security tools and processes to provide strong information security for any container-based.
AzDoTip: In case you want to skip an error in any of the task, don't forget to use continueOnError: true.
check out the below diagram for reference.