DevSecOps is an organizational software engineering culture and practice that aims at unifying software development (Dev), security (Sec), and operations (Ops). The main characteristic of DevSecOps is to improve customer outcomes and mission value by automating, monitoring, and applying security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor. Practicing DevSecOps provides demonstrable quality and security improvements over the traditional software lifecycle, which can be measured with these metrics:
The benefits of adopting DevSecOps include:
• Reduced mean-time to production: the average time it takes from when new software features are required until they are running in production;
• Increased deployment frequency: how often a new release can be deployed into the production environment;
• Fully automated risk characterization, monitoring, and mitigation across the application lifecycle;
• Software updates and patching at "the speed of operations".
The goal of CloudDefense is that it would like to become the best developer-friendly toolset to detect security vulnerabilities integration into your existing toolchain simple.
Securing complex cloud applications without compromising DevOps velocity