Photo by Félix Prado on Unsplash

Build a secure development and production pipeline

Main Line

Article from ADMIN 77/2023
We investigate best practices to secure CI/CD pipelines with DevSecOps.

We dwell in an era of glitzy tools and technologies where technological advancements and innovations abound – one in which technology is transforming the underpinnings of human existence. However, along with the benefits of these tools and technologies, you'll experience certain downsides, as well.

With the surge in frequency and complexity of cyberattacks, securing your software development pipelines is more critical now than ever. To ensure the security and integrity of your applications, you should be adept at thwarting security threats and vulnerabilities early and often.

DevSecOps integrates security practices into the DevOps workflow to create a seamless and secure pipeline from start to finish. In this article, you'll learn how to secure continuous integration and continuous delivery (CI/CD) pipelines by integrating DevSecOps into the development pipeline and adhering to the recommended best practices.

Security as a Culture

Who is responsible for security on a day-to-day basis? Every employee in your organization. Organizations need to enforce this as a policy, but unfortunately, most don't. For DevSecOps to be successful, your organization should foster security as a culture.

A security culture implies that every employee in your organization – from board members to new joiners – embraces security and understands the implications of non-adherence to security policies and guidelines.

Organizations should "shift security left" to build accountability among the employees and test code according to secure coding guidelines and practices. Changes in culture and processes are imperative to implement DevSecOps in your organization and safeguard your CI/CD pipelines. You should embrace this change and take a strategic approach to implementation. Applying these concepts entails time and effort from the outset.

...