90DaysOfDevOps - Day3 lifecycle/sec
- Continues Monitoring, Integration, Testing, Development
- DevSecOps manifest Security as a code
- Security as a code will provide insights directly to developers, collaborate with them.
- Not only relying on scanners but also attack services like an outsider.
- Vulnerabilities could be in outdated library, leaked sensitive data, vulnerable container base image, k8s misconfiguration.
- Regulation & Compliaance, Auditability & Tracability
Source: 90DaysOfDevOps day3