An introduction to DevSecOps
Security is a key part of DevOps. But how does a team know it’s secure? Is it ever really possible to deliver a completely secure service?
Unfortunately, the answer is no. DevSecOps is a continuous and ongoing effort that requires the attention of everyone on the team. While the job is never truly done, the practices teams employ to prevent and handle breaches produce systems that are as secure and resilient as possible.
Teams that don’t have a formal DevSecOps strategy are encouraged to begin the planning as soon as possible. At first there may be some resistance from team members who don’t fully appreciate the threats that exist. Others may not feel that the team is equipped to face the problem and that any special investment would be a wasteful distraction from shipping features. However, it’s necessary to begin the conversation to build consensus as to the nature of the risks, how the team can mitigate them, and whether the team needs resources they don’t currently have.
Resources
- Microsoft Learn: Introduction to DevOps
- Microsoft Learn: Introduction to Azure DevOps
- Microsoft Learn: Work with Azure Repos and GitHub
Get started with DevSecOps
With Microsoft Learn, you can kick off your journey into DevSecOps with easy to understand training – and best of all, it’s free! This is the perfect way to work through new software.
- Microsoft Learn: Introduction to Secure DevOps
- Microsoft Learn: Provision and test environments
- Microsoft Learn: Security Monitoring and Governance
Learn more about DevSecOps
Already using DevSecOps and want to go further? Whether it’s learning something new within DevSecOps or becoming certified, there’s plenty more to explore and discover.
- Watch: Secure GitHub Actions with Azure Workload Identity Federation
- Watch: Secure DevOps with Pulumi and Terraform
- Watch: Secure DevOps with ARM and Bicep
