DevSecOps Beginners Guide: How to secure your DevOps pipelines?
The transit to DevOps Security requires everyone’s involvement right from the top management to the developers, testers and the operations team. It starts from the moment you write the very first line of code and continues even after deployment to production, with the aim to make malicious attacks difficult, exquisitely impossible.
DevOps Security i.e. DevSecOps focuses on initiating a culture of security in the DevOps environment. It is a collaboration of the DevOps teams with system security personnel, where the end goal is to find a faster and more robust way to deliver the code safely in agile architecture.
Integrating security into CI/CD pipelines
Security means thousands of things and while trying to accommodate it in DevOps pipeline one can easily deviate and get overwhelmed! There should be a thorough understanding of the workflows and tools the team is using to put effective security checks and controls on pipelines.
Typically we can decouple our continuous integration, delivery and deployment pipelines into 6 main stages:
Dev: Development phase, before the source code lands into the repository.
Build: Building and performing basic automated testing of the system.
Test: After a successful build, the artifacts are deployed into staging and test environments.
Host: This stage involves the configuration or updates need to be applied to the infrastructure.
Run: If all green, one can deploy the application into the production environment.
Observe: Continuously measuring and monitoring production activity.
Now, one by one we will be discussing the ways in which we can infuse security in each of the six activities listed above. Let’s dig in.
Final words
Organizations wanting to remain relevant and competitive in the industry must consider DevOps security as their primary goal in 2019. You can use these as pointers to start your journey towards DevSecOps.
