90DaysOfDevOps day 2 - DevSecOps
- Include DevSecOps methods as early in the development life cycle as possible; DevSecOps is a continuation of DevOps.
- I hear and I forget. I see and I remember. I do and I understand. - Confucius
- The Trivy scanner can show critical vulnerabilities in Docker images. Alternative security tools to consider: Aqua Security, Snyk.
- It should be a collaboration between different IT teams.
- Cybersecurity focuses more on internal network, data, and application security; DevSecOps is more about improvements to the software CI/CD cycle and collaboration between teams.
- Observability: knowing how observable the application is, and whether we really know how it works.
- Integrate security in the development stage, because security breaches can cost a lot to fix if they are found in the production stage.
- Security-related tasks should be included in the backlog.
- Tesla over-the-air updates run smoothly: one beta version, then another one two days later, with a smooth rollback process.
Source: 90DaysOfDevOps day 2 DevSecOps
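
An added example, not taken from the 90DaysOfDevOps material: a CI gate over a Trivy JSON report that fails the build on critical findings and routes everything else to the backlog, tying together the notes on image scanning, catching issues in the development stage, and backlog items. The image name, CVE ids, and the `evaluate`/`gate` helpers and `accepted` risk-acceptance set are assumptions made for illustration; the report is a constructed sample in the shape `trivy image --format json` produces.

```python
import json

# Constructed sample in the shape of `trivy image --format json` output
# (Results[].Vulnerabilities[]); image name and CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/app:1.0",
    "Results": [
        {"Target": "example/app:1.0 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
             "InstalledVersion": "3.0.0", "FixedVersion": "3.0.1", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib",
             "InstalledVersion": "1.2.0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "bash",
             "InstalledVersion": "5.1", "FixedVersion": "5.2", "Severity": "MEDIUM"},
        ]},
        # Targets with no findings may omit the Vulnerabilities key entirely.
        {"Target": "app/requirements.txt"},
    ],
})

def evaluate(report_json, block=("CRITICAL",), accepted=frozenset()):
    """Return (blocking, backlog): findings that fail the build, and the rest."""
    report = json.loads(report_json)
    blocking, backlog = [], []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            item = (vuln["VulnerabilityID"], vuln["PkgName"],
                    vuln.get("Severity", "UNKNOWN"), vuln.get("FixedVersion") or None)
            # Block on listed severities unless the id was explicitly risk-accepted.
            if item[2] in block and item[0] not in accepted:
                blocking.append(item)
            else:
                backlog.append(item)
    return blocking, backlog

def gate(report_json, **kwargs):
    """Exit code for the CI step: 1 if any blocking finding remains, else 0."""
    blocking, backlog = evaluate(report_json, **kwargs)
    for vid, pkg, sev, fix in blocking:
        print(f"BLOCK   {sev:8} {vid} {pkg} fix={fix or 'none yet'}")
    for vid, pkg, sev, fix in backlog:
        print(f"BACKLOG {sev:8} {vid} {pkg} fix={fix or 'none yet'}")
    return 1 if blocking else 0

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

Findings with no fixed version are reported as `fix=none yet`, so the team can distinguish "upgrade the package" from "track or mitigate until a patch exists".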