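DevSecOps: Exploring Practices of Realizing Continuous Security in DevOps
Cite this article: DAI Qi-Ming, MAO Run-Feng, HUANG Huang, RONG Guo-Ping, SHEN Hai-Feng, SHAO Dong. DevSecOps: Exploring Practices of Realizing Continuous Security in DevOps[J]. Journal of Software, 2021, 32(10): 3014-3035
Authors: DAI Qi-Ming, MAO Run-Feng, HUANG Huang, RONG Guo-Ping, SHEN Hai-Feng, SHAO Dong
Affiliation: State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing, Jiangsu 210023; Software Institute, Nanjing University, Nanjing, Jiangsu 210093; Discipline of Information Technology, Peter Faber Business School, Australian Catholic University, Sydney NSW 2060
Funding: National Natural Science Foundation of China (62072227, 61802173); National Key Research and Development Program of China (2019YFE0105500); Jiangsu Province Intergovernmental Bilateral Innovation Project (BZ2020017); Innovation Project of the State Key Laboratory for Novel Software Technology, Nanjing University (ZZKT2019B01)
Abstract: Major software companies at home and abroad are widely implementing DevOps practices to increase the frequency of product delivery and deployment. At the same time, in an increasingly severe network security environment, security problems in software systems are becoming more and more prominent. Because of rapid delivery, time-consuming security practices are difficult to carry out effectively in software development activities. For this reason, effectively integrating security controls into the development and operations processes, so as to achieve continuous security across the whole software life cycle, has become, for major companies moving to DevOps...

Keywords: DevOps security; DevSecOps; continuous security; DevSecOps practice
Received: 2020-09-15
Revised: 2020-10-26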

DevSecOps: Exploring Practices of Realizing Continuous Security in DevOps
DAI Qi-Ming, MAO Run-Feng, HUANG Huang, RONG Guo-Ping, SHEN Hai-Feng, SHAO Dong. DevSecOps: Exploring Practices of Realizing Continuous Security in DevOps[J]. Journal of Software, 2021, 32(10): 3014-3035
Authors: DAI Qi-Ming, MAO Run-Feng, HUANG Huang, RONG Guo-Ping, SHEN Hai-Feng, SHAO Dong
Affiliation: State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China; Software Institute, Nanjing University, Nanjing 210093, China; Discipline of Information Technology, Peter Faber Business School, Australian Catholic University, Sydney NSW 2060
Abstract: DevOps practices have been widely implemented by software companies to increase the frequency of product delivery and deployment. However, in the face of an increasingly challenging network security environment, security problems in software systems are becoming prominent. Time-consuming security practices are difficult to implement effectively in software development activities because of rapid delivery. How to integrate security control measures into software processes to realize continuous security urgently needs to be investigated by companies transitioning to DevOps. DevSecOps, a solution for realizing continuous security in DevOps, has attracted widespread attention from academia and industry, and has gradually become a hot research topic in the field of software engineering. In recent years, as DevSecOps research and practice have developed rapidly, people have gained a more comprehensive understanding of DevSecOps, and more relevant security practices have been introduced. Hence, this paper summarizes DevSecOps from five aspects (background, characteristics, practice, benefits, and challenges), with the aim of introducing the core content of DevSecOps to the software engineering community in China in detail for the first time. Focusing on the latest theoretical research on DevSecOps and the current state of corporate practice, it also aims to provide a reference for practitioners implementing DevSecOps practices. Hopefully, this paper can provide a foundation for researchers to explore DevSecOps and encourage more researchers to participate in DevSecOps research.
Keywords: DevOps security; DevSecOps; continuous security; DevSecOps practice
This article is indexed by Wanfang Data and other databases.