DevSecOps - bobbae/gcp GitHub Wiki

DevSecOps is a culture shift in the software industry that aims to bake security into the rapid-release cycles that are typical of modern application development and deployment.

DevSecOps isn’t just about development and operations teams. If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security and privacy must also play an integrated role in the full life cycle of your apps.

DevSecOps reflect a culture shift in the software industry that aims to bake security into the rapid-release cycles that are typical of modern application development and deployment, also known as the DevOps movement. Embracing this shift-left mentality requires organizations to bridge the gap that usually exists between development and security teams to the point where many of the security processes are automated and handled by the development team itself.

Security and Privacy

The security and privacy issues from the DevSecOps point of view require a cultural shift.

Binary Authorization

Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE) or Cloud Run.

Links

https://github.com/devsecops/awesome-devsecops