Previous part https://medium.com/@ahmad.aabed/devsecops-stating-the-obvious-14b53a36b53f

I am still stating the obvious when it comes to DevSecOps 😄

Review your tools

Nowadays, it has become super easy to add a new tool to your stack.

Log in with GitHub and there you go, you have a tool for code quality coverage. Allow access to AWS and there you go, you have a tool for billing analysis.

While those tools are really helpful, you should always ask yourself:

  • Who are the creators of the tool, and what is their reputation?
  • What is the minimal access the tool can get?
  • What if the creators are malicious?
  • What if the creators have a malicious internal…
