DevSecOps with DefectDojo
The Early Bird
DevOps has been an integral part of software development in most organizations for years. The term encompasses various practices and tools and a kind of cultural philosophy that are intended to help automate and interlink processes between the development department and IT teams. From DevOps mechanisms, a further development has emerged in recent years: DevSecOps, DevOps plus security. In more detail, it means that security needs to play a role in every phase of the software development process: from the initial design through integration, testing, and deployment to delivery.
The principle of moving tasks – security in this case – forward as far as you can in a process chain is also known as the shift-left approach. In terms of containers, shift left means taking security aspects into account as early as the container construction stage. This approach makes sense; after all, fixing incidents in production environments often involves massive amounts of money, and discovering errors at the outset of the development process is typically far less costly. Many tools have become established on the market in the shift-left and DevSecOps environment in recent years. DefectDojo [1] is one of these tools, and it is free.
DefectDojo
DefectDojo was originally developed by Rackspace but is now open source. The community is working hard on the further development of the software, with more than 350 contributors and more than 2,500 GitHub Stars. New features are released quite frequently; according to the GitHub page, an update is made approximately every two weeks. The tool integrates with a wide range of existing security tools, including security scanners, issue trackers, and reporting tools, and displays their information in a centralized and easy-to-understand way.
A special feature is its ability to automate the process of running
...