ABSTRACT

Enterprises can become agile, release products faster and innovate faster using DevSecOps practices. Organizations can improve quality, stability, agility and security using DevSecOps. DevSecOps covers various methods and practices that impact culture, organizational processes and tools. The main stages of DevSecOps include plan, code, build, test, release, deploy and monitor. The key best practices of DevSecOps are tool integration, process definition, skill set development, security policy implementation, centralized monitoring, automation, cost control, pipeline execution time and minimal downtime. Integrated development, cross-functional collaboration and communication, continuous integration, continuous deployment, Infrastructure as Code (IaC), microservices architecture, automation, observability (monitoring and logging) and configuration management are the key tenets of DevSecOps. We use metrics to monitor the effectiveness of DevSecOps across various phases: the planning phase, build phase, test phase, deployment phase and operations phase. As part of the DevSecOps setup, we first identify the DevSecOps tools required to build the initial pipeline. We also deploy monitoring tools to track the metrics across the various stages of the DevSecOps pipeline. We then implement the security processes and automate the pipeline. We continuously improve the DevSecOps setup to increase the automation and effectiveness of the pipeline.