Code analysis tools and automated tests
Shifting left in DevOps can be referred to as DevSecOps
Test case design and development
Test environment setup
https://www.csoonline.com/article/567759/3-devsecops-success-stories.html
GDPR

configuration as code
MTTR = mean time to recovery

Code Analysis / Review

SAST = Static Application Security Testing; white box
DAST = Dynamic Application Security Testing
IAST = Interactive Application Security Testing; real time, knows your application behaviour

SCA = Software Composition Analysis
SBOM = software bill of materials / software supply chain

Pipeline

GitGuardian / GitLeaks
Python Package Index (PyPI)
Unit Testing
Integration Testing (existing features and functionality)
CI/CD
DAST - XSS…
Snyk and SonarQube

Canary: 10% of migration in the prod…
Developer Bypasses

environment variables to store credentials

Dependency Disclosure / Dependency Confusion
CI/CD integration and/or IDE

Images

DevOps

DevSecOps

Secure Software Development Life Cycle

Application Security Testing