Code analysis tools and automated tests
Shifting left in DevOps can be referred to as DevSecOps
Test case design and development
Test environment setup
https://www.csoonline.com/article/567759/3-devsecops-success-stories.html
GDPR
Configuration as code
MTTR = mean time to recovery
Code Analysis / Review
SAST = Static Application Security Testing; white box
DAST (Dynamic) / IAST (Interactive: real-time, knows your application's behaviour)
SCA = Software Composition Analysis
SBOM = software bill of materials / software supply chain
Pipeline
GitGuardian, GitLeaks (secrets scanning)
Python Package Index (PyPI)
Unit Testing
Integration Testing (existing features and functionality)
CI/CD
DAST - XSS…
Snyk and SonarQube
Canary: 10% of migration in prod…
Developer Bypasses
Environment variables to store credentials
Dependency Disclosure / Dependency Confusion
CI/CD integration and/or IDE
Container
Interprocess Communication
Images
DevOps
DevSecOps
Secure Software Development Life Cycle
Application Security Testing
Spidering/Crawling - Jenkins - ZAP - prevent logout - API
IaC
Scalable Versionable Repeatable
- Declarative vs. Imperative
- Agent-based vs. Agentless
- Immutable vs. Mutable
- Provisioning vs. Configuration Management: infrastructure provisioning (the set-up of the infrastructure), infrastructure management (changes made to the infrastructure), software installation (initial installation and configuration of software/applications), and software management (updates made to software or config changes)
Continual (Best Practice) Phases
- Version Control
- Collaboration
- Monitoring/Maintenance
- Rollback
- Review + Change
Repeatable (Infra Creation + Config) Phases
- Design
- Define
- Test
- Provision
- Configure
Virtualisation in IaC: Scalability, Resource Isolation, Testing / Snapshots / Rollbacks, Templates, Multi-tenancy, and Portability
Hypervisor (VM) - Containerisation (Containers)
On-premises IaC vs. cloud-based IaC:
- Location
- Tech
- Resources
- Scalability
- Cost
CSP: Cloud Service Provider