DevSecOps: Automating security in the development lifecycle

Learn how security teams are using DevOps principles and CI/CD pipelines to automate application security.

Custom image for Form-based deployment in OpenShift 4.8.

Automate application security with OpenShift Pipelines

In this self-paced tutorial, learn how to use OpenShift Pipelines to automate the deployment of your applications.

OpenShift Pipelines is a cloud-native, continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework that enables automating deployments across multiple platforms (e.g. Kubernetes, serverless, VMs, and so forth) by abstracting away the underlying details.

Automate deployment

What is DevSecOps?

DevSecOps automates and modernizes application security using familiar DevOps principles:

  • Traceable, transparent specifications
  • Version control for document management
  • Automated tools and testing through CI/CD pipelines

In traditional security, developers run tests for code security, while operators ensure that firewalls and other protections work in the production environment. Access control and other tasks are handled by security experts and managers. DevSecOps uses version control and CI/CD pipelines to configure and manage security tasks automatically, across all teams, before deployment.

Who should learn DevSecOps?

DevSecOps brings together developers, systems architects, operators, security experts, and managers. Anyone with a role in security can define specifications and review system behavior:

  • For developers, DevSecOps is a way to scan their code at every check-in for coding flaws and vulnerabilities in package dependencies.
  • For system architects and operators, DevSecOps ensures that the intrusion detectors, firewall rules, and access control lists they've prepared are consistently applied.
  • For security experts and managers, DevSecOps allows formal requirements and reviews of their implementation.

DevSecOps is the way | Red Hat Livestreaming

In this monthly livestream series, learn how Red Hat weaves together DevOps and security automation to master DevSecOps. This show introduces you to Red Hat products used for DevSecOps and our security ecosystem partners to aid in your journey.

computer security

What developers need to know about security compliance

A developer's guide to security standards. Sharpen your understanding of key security standards and how they work together, then get tips for establishing responsibility for different aspects of your security infrastructure and incorporating security into your daily workflow—even when the requirements change from project to project.

Read more