DevSecOps: Automating security in the development lifecycle

Learn how security teams are using DevOps principles and CI/CD pipelines to automate application security.

What is DevSecOps?

DevSecOps automates and modernizes application security using familiar DevOps principles:

  • Traceable, transparent specifications
  • Version control for document management
  • Automated tools and testing through CI/CD pipelines

In traditional security, developers run tests for code security, while operators ensure that firewalls and other protections work in the production environment. Access control and other tasks are handled by security experts and managers. DevSecOps uses version control and CI/CD pipelines to configure and manage security tasks automatically, across all teams, before deployment.

Who should learn DevSecOps?

DevSecOps brings together developers, systems architects, operators, security experts, and managers. Anyone with a role in security can define specifications and review system behavior:

  • For developers, DevSecOps is a way to scan their code at every check-in for coding flaws and vulnerabilities in package dependencies.
  • For system architects and operators, DevSecOps ensures that the intrusion detectors, firewall rules, and access control lists they've prepared are consistently applied.
  • For security experts and managers, DevSecOps makes it possible to state formal requirements and review how they are implemented.

DevSecOps is the way | Red Hat Livestreaming

In this monthly livestream series, learn how Red Hat weaves together DevOps and security automation to master DevSecOps. This show introduces you to Red Hat products used for DevSecOps and our security ecosystem partners to aid in your journey.

What developers need to know about security compliance

A developer's guide to security standards. Sharpen your understanding of key security standards and how they work together, then get tips for establishing responsibility for different aspects of your security infrastructure and incorporating security into your daily workflow—even when the requirements change from project to project.


Popular DevSecOps resources


DevNation Tech Talk: Kubernetes configuration and security policies with KubeLinter


DevNation Tech Talk: Security and authentication strategies for apps on Kubernetes

How to apply machine learning to GitOps


Get started with Tekton and Pipelines


3 steps toward improving container security



Managing GitOps control planes for secure GitOps practices

Achieving DevOps with Containers: 3 things people miss by Scott McCarty


DesOps is "DevOps 2.0"