--- title: "Introduction" chapter: true weight: 5 pre: "1. " --- ## DevSecOps?! What is it? --- ### Before that a little bit about DevOps In a world where speed is a requirement, it is increasingly important for teams (developers and operations) that previously work in each other’s squares to get closer, interact and work with a single objective in min: Optimize productivity and continuously deliver value to your customers. DevOps started out as a combination of cultural philosophies. But nowadays, some companies already have this culture so engrained into their structure, that today we have DevOps teams that use practices and tools to automate processes that historically have always been manual and slow. Now, we can use various technologies and tools that help to operate and develop applications faster and more reliably. As a result, some interesting words and phrases are increasingly used: - CI - Continuous Integration; - CD - Continuous Delivery; - IaC - Infrastructure as code; - Microservices; ![DevOps](/images/devops.PNG) #### Some of the best benefits of adding a DevOps culture to your company: - Speed; - Fast delivery; - Scale and more automation; --- ### Now DevSecOps DevSecOps continues the journey over what DevOps is and adds security to the entire automation phase or the famous CI/CD (CI/CD is an advantage for DevSecOps, a privileged entry point for security measures and controls). DevSecOps is meant to emphasize the need to build security into the foundation of DevOps projects. DevSecOps will basically help any companies that have a development pipeline. Generally, security testing is performed at the end of the application development process, which increases the risks of deployment delays and project costs, especially if vulnerabilities that require recoding or redesign are found. DevSecOps means considering application and infrastructure security from the very start without slowing down DevOps workflow. DevSecOps is based on the shared responsibility model, meaning security is everyone’s responsibility. With that, a few more interesting words and phrases are again added and used when talking about this subject: - Shift Left; - SDLC - Software Development Life Cycle; - SCA - Software Composition Analysis; - SAST - Static Application Security Testing; - DAST - Dynamic Application Security Testing; #### Some of the best benefits of adding a DevSecOps culture to your company: - More Security throughout your Pipeline; - Better Response against attacks; - Better Monitoring and Management; ----- #### Now let's explore a little more about some aspects of DevSecOps!! :grin: :mag_right: ---