Code analysis tools and automated tests
Shifting left in DevOps (moving security checks earlier, into the development and build stages) can be referred to as DevSecOps
Test case design and development
Test environment setup
Reference: https://www.csoonline.com/article/567759/3-devsecops-success-stories.html
GDPR
Configuration as code
MTTR = mean time to recovery
Code Analysis / Review
SAST = Static Application Security Testing; white box, analyses source or bytecode without running the application
DAST = Dynamic Application Security Testing; black box, probes the running application from the outside
IAST = Interactive Application Security Testing; instruments the running application, so it sees real-time behaviour and knows which code paths a request actually exercised
SCA = Software Composition Analysis; finds known-vulnerable or badly licensed third-party components
SBOM = software bill of materials; inventory of every component in a build, the basis for software supply chain security
Pipeline
Secrets scanning: GitGuardian, Gitleaks
Package registry: Python Package Index (PyPI)
Unit testing
Integration testing (existing features and functionality)
CI/CD
DAST in the pipeline, e.g. XSS…
Tools: Snyk (SCA) and SonarQube (SAST)
Canary release: 10% of the migration in prod first…
Developer bypasses (ways developers skip pipeline security gates, e.g. committing directly or disabling checks)
Environment variables (or a secrets manager) to store credentials, never hard-coded in source
Dependency disclosure / dependency confusion (a public package with the same name as an internal one gets resolved instead of the private one)
Tooling integrates with CI/CD and/or the IDE
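Added example (not from the page or from GitGuardian/Gitleaks): a minimal pipeline gate in the spirit of the secrets scanners listed above, run over constructed sample source lines. It flags the AWS access key id format, generic credential assignments with high Shannon entropy, and private key headers, while lines that read credentials from environment variables pass. The rule names, thresholds and sample lines are assumptions for illustration.

```python
import math
import re
from collections import Counter

# Hypothetical rule set. The AWS access key id shape (AKIA + 16 chars) is the
# documented public format; the other two are generic patterns, not vendor rules.
RULES = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_credential": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random secrets score high, placeholder words score low."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_lines(lines, entropy_threshold=3.0):
    """Return (line_no, rule_name, matched_value) for each suspected hard-coded secret."""
    findings = []
    for no, line in enumerate(lines, 1):
        # Reading credentials from the environment is the sanctioned pattern, not a finding.
        if "os.environ" in line or "os.getenv" in line:
            continue
        for name, rx in RULES.items():
            m = rx.search(line)
            if not m:
                continue
            value = m.group(m.lastindex or 0)
            # Entropy gate on generic assignments drops placeholders such as "changeme".
            if name == "generic_credential" and shannon_entropy(value) < entropy_threshold:
                continue
            findings.append((no, name, value))
    return findings


def pipeline_gate(lines) -> int:
    """Exit status for CI: non-zero blocks the build when anything is found."""
    return 1 if scan_lines(lines) else 0


# Constructed sample input (not real code from any project).
SAMPLE = [
    'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',          # AWS's documented example key id
    'db_password = "s3cr3tP@ssw0rd!"',           # high-entropy hard-coded credential
    'db_password = os.environ["DB_PASSWORD"]',   # sanctioned: read from environment
    'password = "changeme"',                     # low-entropy placeholder, ignored
    'token = "abc"',                             # too short to match
    '-----BEGIN RSA PRIVATE KEY-----',           # key material committed to source
]

if __name__ == "__main__":
    for no, rule, value in scan_lines(SAMPLE):
        print(f"line {no}: {rule}: {value}")
    raise SystemExit(pipeline_gate(SAMPLE))
```

In a real pipeline the scanner runs over `git diff` output or the full tree on every push, and the non-zero exit is what stops the merge; the entropy gate is what keeps placeholder values from flooding the results.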
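Added example (not from the page): a dependency confusion check for a Python project, the PyPI case mentioned above. It parses a constructed `requirements.txt`, flags internal package names that also resolve on the public index, and reads a constructed `pip.conf` to show the weak setting (`extra-index-url`, which lets pip pick the highest version across the public and private indexes) beside the hardened one (a single `index-url` pointing at the private index). The package names, index URLs and the stand-in public lookup are assumptions so the example runs offline.

```python
import configparser
import re

# Constructed pip.conf variants (hypothetical URLs).
WEAK_PIP_CONF = """
[global]
index-url = https://pypi.org/simple
extra-index-url = https://pypi.internal.example/simple
"""

HARDENED_PIP_CONF = """
[global]
index-url = https://pypi.internal.example/simple
"""

# Constructed requirements file; the acme-* names are hypothetical internal packages.
REQUIREMENTS = """
requests==2.31.0
acme-billing-core==1.4.0   # internal
acme_authlib>=2.0          # internal, underscore spelling on purpose
"""

INTERNAL_PACKAGES = {"acme-billing-core", "acme-authlib"}


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str):
    """Project names from a requirements file, ignoring comments, options and specifiers."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def uses_extra_index(pip_conf_text: str) -> bool:
    """True when pip is configured to merge a second index into resolution."""
    cp = configparser.ConfigParser()
    cp.read_string(pip_conf_text)
    return cp.has_option("global", "extra-index-url")


def find_confusable(requirements_text, internal_names, public_lookup):
    """Internal package names that also exist on the public index (hijack candidates)."""
    internal = {normalize(n) for n in internal_names}
    hits = []
    for name in parse_requirements(requirements_text):
        if name not in internal:
            continue
        public_version = public_lookup(name)
        if public_version is not None:
            hits.append((name, public_version))
    return hits


# Stand-in for querying the public index, constructed so the example runs offline.
PUBLIC_INDEX = {"requests": "2.31.0", "acme-authlib": "99.0.0"}


def fake_public_lookup(name: str):
    return PUBLIC_INDEX.get(name)


def assess(pip_conf_text, requirements_text, internal_names, public_lookup):
    """Combined verdict: weak index configuration plus names an attacker could squat."""
    return {
        "extra_index_url": uses_extra_index(pip_conf_text),
        "confusable": find_confusable(requirements_text, internal_names, public_lookup),
    }


if __name__ == "__main__":
    print("weak:", assess(WEAK_PIP_CONF, REQUIREMENTS, INTERNAL_PACKAGES, fake_public_lookup))
    print("hardened:", assess(HARDENED_PIP_CONF, REQUIREMENTS, INTERNAL_PACKAGES, fake_public_lookup))
```

The two checks are complementary: a single private `index-url` stops pip from consulting the public index at all, and registering (or at least monitoring) internal names on PyPI removes the squatting opportunity even where a developer's local config still adds the public index.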