(8) DevOps/SecOps Flashcards
What is DevOps?
DevOps is about the combination of software development and IT ops with the idea of streamlining the SDLC.
How is DevOps conducted?
DevOps is conducted using tools called toolchains, which strengthen coding, building and testing, packaging, release, and many other elements of the SDLC.
What is DevSecOps?
DevSecOps describes security as going hand in hand with the DevOps model.
It operates on the premise that security is part of every step of development and is the responsibility of all parties involved.
What role do security practitioners have in a DevSecOps model?
Security practitioners provide threat analysis, communications, planning, testing, feedback, ongoing improvement and other tasks.
The security practitioner has to have a strong understanding of the risk tolerance involved and an awareness of how the development process is going.
Describe the shared capabilities that are in play with DevOps and DevSecOps.
DevOps and DevSecOps combine integration and deployment methodologies, automation, and integrated tooling involving various security tasks to help ensure strong security.
What is Continuous Integration (CI)?
CI is a development practice where code is put into a shared repository on a consistent basis. This could range from multiple times per day to even more frequently.
What is Continuous Deployment (CD)?
CD is where adjustments are integrated right away once they have been tested.
What are some unintended consequences of the Continuous Integration (CI) and Continuous Development (CD) methods?
CI and CD can result in vulnerabilities being added to the code.
It can also result in an untrusted or bad developer putting a flaw into the code, but the code can be removed as part of the next development cycle.
Logging, reporting, and monitoring have to be part of the CI/CD process.